RFID is really getting under people’s skin

And that's a good thing, say early wireless chip implantees.

■ BY ELLEN MESSMER

Joseph Krull doesn’t have a chip on his shoulder. But he has one in it.

The San Antonio security consultant is one of a small but growing number of people who essentially turn themselves into wireless network nodes for the sake of making personal information available to authorized parties with the wave of a radio frequency identification (RFID) scanner.

In Krull’s case, the chip was implanted two months ago so hospital staff could access his medical information quickly in emergency situations.

For RFID chip implant recipients, information about them is always at hand.

Others are “getting chipped,” as those in the know call it, for everything from entertainment to personal safety.

Krull’s chip is basically the same kind of RFID-based

See Implant, page 48


Security mgmt vendors promise to keep customers in compliance.

■ BY DENISE DUBIE

A slew of start-ups are rolling out tools to help newly compliant IT shops monitor, maintain and enforce compliance policies.

Meeting the demands of the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley (SOX) Act, and the Gramm-Leach-Bliley Act requires constant data analysis, a chore that security management newcomers Elemental Security

See Compliance, page 16


HIPAA compliance: Now and forever

As a deadline approaches, survey finds most are ready, although issues remain.

■ BY DENI CONNOR AND DENISE DUBIE

Healthcare and related organizations have just over two weeks to meet new rules for protecting patient data or face possible fines, criminal penalties and negative publicity. While many IT professionals involved with Health Insurance Portability and Accountability Act compliance say they will meet the April 20 deadline, some warn that determining compliance is anything but clear-cut.

“It’s not like after April 20 we can breathe a big sigh of relief and forget about HIPAA compliance. That’s when we have to start proving ourselves,” says Doug Torre, director of networking and technical services at Catholic Health System, an integrated healthcare delivery network in and around Buffalo, N.Y.

An AMR Research survey found that among the 225 companies that participated, some $3.7 billion will be spent this year on HIPAA compliance (one-third of the companies will fund it through general IT budgets). In another study, though, from healthcare information manage

See HIPAA, page 47

Spyware flap looks headed for court

■ BY ELLEN MESSMER

A legal showdown is brewing between anti-spyware vendors and adware marketing companies that contend their software has been unfairly targeted for detection and deletion. In between the combatants stand IT professionals and consumers who only want relief from what they say has become a growing blight upon corporate desktops and home PCs.

Claria, formerly known as The Gator Company, recently complained to Computer Associates because CA’s PestPatrol anti-spyware software detects and deletes Claria’s Gain ad-targeting software, including Gator eWallet. After reviewing Claria’s complaint, CA last week eliminated from its product the ability to detect Claria adware. By late Friday, however, CA had determined that all eight of Claria’s products violate user privacy and security in some form and added detection for them back into PestPatrol.
Microsoft takes aim at 117 phishers

■ Microsoft last week filed suit against 117 operators of phishing Web sites in an attempt to clamp down on what has become a top consumer problem. The Federal Trade Commission listed identity theft, which often is facilitated by phishing Web sites that lure visitors to enter personal or financial information, as the No. 1 consumer complaint in 2004. The 117 cases were filed against “John Doe” defendants who have not been identified. The company, along with the FTC and National Consumers League, also outlined precautions consumers should take to protect against phishing scams, such as being suspicious of someone asking for personal information in an e-mail and of links embedded in e-mails that lead to a Web site asking for such information.

VeriSign in line to renew .net pact

■ Incumbent VeriSign is the leading contender to operate the .net registry, according to an outside analysis of five bids that was released last week by the Internet Corporation for Assigned Names and Numbers. Compiled by Telcordia Technologies, the analysis ranked VeriSign slightly ahead of the other bidders, Sentan Registry, Afilias Limited, Denic and Core++. These five companies bid to operate the highly available and redundant servers around the globe that handle billions of .net queries per day. The .net registry also supports a massive database that includes information about each .net name and handles additions, deletions and changes to that information. In a statement issued last week, ICANN said it would “promptly enter negotiations with the top-ranked applicant to reach a mutually acceptable registry agreement.” VeriSign’s current contract to operate the .net registry is set to expire June 30. The new .net contract will last for six years.

U.S. decries lack of access to foreign markets

■ A report by the Office of the U.S. Trade Representative has rebuked several countries, most notably China, Japan and India, for hampering the access of U.S. companies to their domestic markets for telecom services and equipment. “We are deeply concerned by the tepid commitment some of our trade partners have shown to competition in the telecommunications sector,” said Peter Allgeier, the acting U.S. trade representative, in a statement. Allgeier’s comments accompanied the results of an annual USTR review of foreign compliance with international telecommunications agreements. USTR singled out China, Japan and India for criticism, saying that operators from these countries were competing globally while benefiting from relatively closed markets at home. Among the issues that concern the U.S. government, USTR cited restrictions on capitalization levels and joint ventures in China, and criticized Japan’s failure to allocate additional spectrum for mobile operators. USTR also cited excessive licensing requirements for new market entrants and a failure to address restrictions on access to submarine cable capacity in India.

Intel’s new “Espresso” processor, demonstrated at a recent trade show.

Roger Slykhouse of West Bloomfield, Mich., melds coffee and computing to land the top spot in our latest Weekly Caption Contest. Slykhouse wins official Layer 8 swag and bragging rights for the entire week. Check in every week for the latest round.
www.nwfusion.com/weblogs/layer8

Webcam to the rescue. Sort of. Police in the U.K. praised a man in Australia for tipping them off to a suspected burglary that he witnessed on a Webcam, even though it turned out to be just a couple arguing, the BBC reported

Gone phishin'. The number of phishing attacks grew slightly during February, and there was also increased malicious software use, a group that monitors attempts at online identity theft said last week. There were 13,141 unique phishing e-mail messages reported to the Anti-Phishing Working Group during February, up 2% from the number reported to the group in January. The group compiles its data using information from ISPs, network administrators, law enforcement agencies and individuals.

Berkeley learns tough lesson. The latest ID theft victim? University of California, Berkeley, graduate students and grad school applicants. The school last week announced that its police force is investigating the theft of a campus laptop computer that contained files with the names and Social Security numbers of more than 98,000 individuals. The computer was stolen March 11. The school says there’s no evidence the data has been misused, but it has informed those whose data was swiped, in order to comply with state law.

SunGard accepts buyout deal

■ SunGard Data Systems last week confirmed that it has approved an $11.3 billion buyout offer from seven investment firms: Silver Lake Partners, Kohlberg Kravis Roberts & Co., Bain Capital, The Blackstone Group, Goldman Sachs Capital Partners, Providence Equity Partners and Texas Pacific Group. CEO Cristobal Conde said in a statement that the deal represents an endorsement of SunGard’s business model and financial strength, and that its management team will remain intact. However, many analysts and users believe the company will be broken up and sold off as separate businesses. The spinoffs could include SunGard’s software and processing businesses or its disaster-recovery and business-continuity services.


Broadband case goes to Supreme Court

■ BY JIM DUFFY

Though chiefly a consumer issue, a case before the U.S. Supreme Court could determine the pace of next-generation enterprise service rollouts from carriers and cable companies.

The court is hearing National Cable and Telecommunications Association (NCTA) vs. Brand X Internet Services, a case where a group of ISPs oppose the FCC’s attempts to classify cable modem service as an unregulated information service instead of a regulated telecom service.

The former would effectively shut out ISPs from riding on cable broadband networks and selling services to cable modem users. But the latter might discourage cable operators, and telcos, from investing in infrastructure upgrades to support new services. That was always the complaint of the RBOCs, which have had to provide competitors low-cost access to their facilities for years.

“It could shape [cable and telco] decision making as they evaluate the business case for moving forward for the types of services they roll out to their enterprise customers, as well as their consumer and residential customers,” says Carol Mattey, a director in Deloitte & Touche’s U.S. Technology Media and Telecommunications industry practice.

The plaintiffs, which include ISPs Brand X Internet and EarthLink, argue that U.S. broadband customers would have more choices of providers, and that competition could reduce prices, if the Supreme Court rejects the FCC’s attempt to classify cable modem broadband as an unregulated information service. Supporters of the FCC action say broadband adoption in the U.S. would slow if cable providers were forced to share their networks with competing ISPs.

“If the cable companies lose this, the risk would be that [firms] would see a delay in deployment of Ethernet services and would probably face higher prices for the services,” says Thomas Nolle, president of consultancy CIMI.

Currently cable companies are not big players in the enterprise services market. Some of the larger cable multisystem operators (MSO) serve small and midsize businesses (SMB) in their regions, but the residential sector is their bread and butter (www.nwfusion.com, DocFinder: 6536).

In the U.S. alone there are approximately 5.4 million SMBs, about 98% of which are passed by upgraded cable facilities, according to Current Analysis. U.S. businesses spent roughly $3.2 billion on cable modem services in 2004, as compared with an estimated $3.3 billion for DSL services, according to In-Stat/MDR.

Telcos compete with cable multiservice operators (MSO) for residential and SMB broadband services, but are increasingly targeting the enterprise network market as well. This was the impetus behind SBC’s purchase of AT&T and Verizon’s acquisition of MCI. A ruling in favor of the ISPs in NCTA v. Brand X might be the catalyst for further expansion into the market.

“Enterprise is the next venue for the cable operators,” says Bruce Leichtman, president and principal analyst at Leichtman Research Group. “It’s an area the operators have to look more at as the consumer side gets more price competitive.”

Even though they are staunch competitors, telcos are siding with the cable MSOs in this case. Incumbent carriers traditionally have faced regulation, including requirements in the Telecommunications Act of 1996 that they share access to their networks with competing carriers.

However, the FCC has relaxed some of those policies in an effort to stimulate investment. In February 2003, the FCC voted to phase out rules requiring the large incumbent telcos to share residential DSL lines at discounted rates with competing ISPs. In March 2002, the commission ruled that cable modem service was an information service not subject to the same regulation as telecom services — but that decision was overturned by the Ninth Circuit Court of Appeals in San Francisco in October 2003.

“If the Supreme Court upholds the Ninth Circuit [ruling], I expect that the cable companies and the DSL providers will both be pressing the FCC to [avoid] applying traditional common carrier regulations to those services,” Mattey says. “If the FCC and the cable industry prevail, there will be increasing pressure for similar rulings on the telco side for their DSL services.”

Things may have already gotten off to a shaky start for the cable providers and telcos. During oral arguments in the case last week, the Supreme Court questioned why the FCC would classify cable broadband as an unregulated information service while it regulates DSL and other services that carriers offer.

But Justice Stephen Breyer also questioned if the court should overrule the FCC and attempt to draw its own lines or leave the matter to the commission.

A ruling on the case is expected in June.

Grant Gross, a correspondent with the IDG News Service, contributed to this story.
Oracle buys Oblix for ID mgmt

■ BY JOHN FONTANA

As a result of continued consolidation, the identity management market is taking on a whole new identity.

Oracle’s $93 million acquisition of Oblix last week is the latest example of an independent identity-management product vendor becoming part of a larger software vendor.

“Clearly the big boys are all getting positioned to compete in the large integrated suite space,” says one Oblix customer who asked not to be named.

While industry observers’ opinions differ on whether identity management and security systems and other management tools will be sold together in suites, they agree that integration among all these technologies is happening. The identity management portion of such suites would include tools for functions such as Web access management, provisioning, identity federation and password management.

The rush by major vendors to buy or build identity management platforms has been driven by the growing importance of such technology to customers looking to secure their digital resources and distributed applications, and comply with regulatory legislation such as Sarbanes-Oxley.

BMC Software, Computer Associates, HP, IBM, Microsoft and Sun are among other companies that have at least in part bought their way into this field. Other big-name companies, such as Novell and RSA, mostly are developing software in-house.

In buying Oblix, Oracle is obtaining Web access management, identity federation and Web services management software. The acquisition helps Oracle fill out its identity lineup, which it plans to deeply integrate with its enterprise applications business, recently acquired PeopleSoft.

Also last week, CA bought technology from InfoSec that automates the elimination of old user accounts and other outdated identity information from corporate systems. CA last year bought Netegrity, another company in this market.

While the pace of consolidation has been steady the past two years, specialized companies in this market have been getting bought out since 1999, when Microsoft acquired Zoomit, a meta-directory product company. Zoomit’s software has morphed into Microsoft Identity Integration Server, one of the cornerstones of the company’s identity strategy.

Senior Editor Denise Dubie contributed to this story.


Acquisition score card

Consolidation in the identity management market has heated up of late, though major vendors have been acquiring technologies to build suites in this area for years.

Vendor               Company acquired/year                            Technology
BMC                  Calendra — 2005                                  Provisioning
BMC                  Open Networks — 2005                             Web access management
Computer Associates  Netegrity/Business Layers — 2004                 Web access management/provisioning
Computer Associates  InfoSec (Acquired technology) — 2005             Provisioning
HP                   SelectAccess from Baltimore Technologies — 2003  Web access management
HP                   TruLogica — 2004                                 Provisioning
IBM                  Dascom — 1999                                    Web access management
IBM                  Access 360 — 2002                                Provisioning
IBM                  MetaMerge — 2002                                 Meta-directory
Microsoft            Zoomit — 1999                                    Meta-directory
Oracle               Phaos — 2004                                     Federation
Oracle               Oblix/Confluent — 2005                           Web access management/federation/Web services management
RSA                  Securant — 2001                                  Web access management
Sun                  Innosoft — 2000                                  Directory services
Sun                  Waveset — 2003                                   Provisioning
Cisco reportedly readying XML switch

“Where we really see ourselves going is toward full message-based routing of things like XML messages or MQ messages.”
Charles Giancarlo, CTO, Cisco

■ BY PHIL HOCHMUTH

Cisco is expected to enter the emerging market of XML network gear, as the company reportedly is preparing a device that can accelerate XML and other message-based traffic.

The XML product is being developed by a Cisco project called AON, or application-oriented networking, according to press reports last week, with products expected to surface in the second quarter. The technology would speed traffic for applications that rely heavily on message-based communications, such as Web services applications that use XML, or other application message formats such as IBM’s MQ technology.

Cisco isn’t commenting on its plans, but the idea of tying its network gear more closely to message-based application traffic is something the vendor has talked about publicly.

“We have an endless opportunity to migrate features from operating systems and applications into the network,” said Charles Giancarlo, Cisco CTO, while speaking at the vendor’s December 2004 analyst conference. “Today we do packet-level routing. Where we really see ourselves going is toward full message-based routing of things like XML messages or MQ messages.”

This idea plays off the growth of service-oriented architectures (SOA) — a method of using a common messaging protocol to tie together disparate applications and systems, such as legacy applications, with newer ERP and CRM systems. Web services technology, such as Microsoft .Net and Sun’s Java Enterprise System Suite, use XML as this common protocol. In a survey last year of 473 corporate IT buyers done by The Yankee Group, 75% said they planned to buy hardware and software and hire programmers for implementing an SOA.

Cisco would be entering a market where several start-ups have established themselves. Conformative, DataPower and Sarvega make network appliances and software that can quickly parse XML messages as they come in, redirect traffic, apply QoS settings or speed the processing of encrypted XML data.

One analyst says the proliferation of software that communicates via XML or another messaging scheme requires switching and routing that can accommodate the bulkier network payload these applications produce.

“It’s no longer good enough for [a piece of network equipment] to know what IP address or what TCP port an application is trying to reach,” says Ron Schmelzer, a senior analyst at Zapthink. This is because all XML traffic is IP based and looks the same, even to more advanced Layer 4-7 switching gear. “If you want to secure XML traffic, or apply QoS or change message headers, you actually have to process the message itself,” he says.

Schmelzer estimates that the market for XML acceleration technology is about $30 million to $50 million — minuscule, compared with the $1-billion-plus switching, VoIP and security businesses Cisco deals in. But Cisco’s entrance could give the emerging XML market a boost by legitimizing the sector.

“There are companies that are waiting to see what the bigger players are going to do in this market,” he says. A Cisco XML offering could be attractive if the vendor can integrate the technology into a switch or router via a service blade — as it has done with VoIP, VPNs, wireless LANs and other technologies. “Some people don’t want another appliance on their network.”

One early adopter of XML acceleration is LeaderPhone, a provider of teleconferencing and online collaboration services. The company has relied heavily on XML for designing its application interface, which lets it run on any device, from a BlackBerry to PDAs and any PC-based Web browser, the firm says. LeaderPhone uses appliances from DataPower to accelerate the processing of XML traffic. This has helped offload the work done by the company’s application servers by more than 80%, says LeaderPhone CTO Jeff Lamb.

“There isn’t a technology problem I have [in the area of XML processing] where I think Cisco could do a better job,” Lamb says. However, he adds that because LeaderPhone uses Cisco for Layer 2-4 switching and routing, he will pay attention to any XML-related offerings the vendor has.

“I’m an entrepreneurial American,” he says. “If they have something cheaper and faster, I’ll try it.” ■


Microsoft beefs up SQL Server database

■ BY ANN BEDNARZ

Microsoft last week shared details about the business intelligence features it is adding to the forthcoming SQL Server 2005 database, code-named Yukon. New data integration, analysis and reporting tools are intended to help companies glean information from transactional systems without requiring third-party analytics software.

The goal is to deliver business intelligence to the masses, company executives said in a call with analysts last week. Microsoft wants to overcome the perception that business intelligence tools are costly and difficult to use, said Alex Payne, senior product manager for SQL Server.

The new version of SQL Server with the analytic features is due in the second half of the year and will be sold in four editions: express, workgroup, standard and enterprise. It’s the first big overhaul of the SQL Server database in five years. The upgrade includes a broad range of performance, management and development enhancements, along with the analytic improvements, and will be priced up to 25% higher than its predecessor, SQL Server 2000.

“It’s a big, big, big release,” says Chris Alliegro, a lead analyst at Directions on Microsoft, an independent research firm. “Microsoft has been working on it for quite a long time.”

The express and workgroup editions will offer limited reporting tools, but the bulk of business intelligence features are reserved for the standard and enterprise editions.

Standard and enterprise include an online analytic processing engine and an integrated development environment for building data integration, online analytical processing, data mining and reporting applications.

One key feature, available only in the enterprise edition, is an ad hoc query and reporting tool called Report Builder that uses technology Microsoft gained in its 2004 purchase of Active Views. It allows end users to modify or build new reports without having to know standard query languages. “We’ve taken away the need to understand the details of the database,” said Bill Baker, general manager of Microsoft’s SQL Server business intelligence unit.

A feature Microsoft is calling “infinite drilldown,” available only in the enterprise edition, adds to the ad hoc reporting capabilities. Users can click on a number in a report to see greater detail about how the number was derived, generating another report without even thinking about it, Baker said.

While the data integration, analysis and reporting components are bundled into SQL Server 2005, analysts caution that taking advantage of the features may require companies to run more than one instance of SQL Server. “A large IT shop isn’t going to burden an operational database by trying to run, say, the reporting services on that database. It would require a separate server,” Alliegro says.

Microsoft has been adding analytic capabilities to SQL Server since the late 1990s, but SQL Server 2005 represents its most concerted effort to incorporate enterprise-class business intelligence features, he says.

“With the previous iterations, Microsoft might have had a hard time making a case against a big power player like Informatica in enterprise-class data integration,” Alliegro says. “But Microsoft has steadily and incrementally improved the features in these products. It’s now at a very attractive price point, and from a features standpoint, it’s starting to become fairly competitive with the bigger power players in the market.”

Microsoft isn’t alone in looking to capitalize on demand for analytics software. Over the last few years, application vendors have incorporated business intelligence features into their suites. For example, Siebel in October unveiled financial, workforce, supply chain and customer analytic applications.

Likewise, database vendors have been bundling in more business intelligence capabilities. IBM last month announced plans to buy Ascential Software for $1.1 billion to bolster its data management portfolio, and Oracle in the fall bolstered the analytic tools included in its 10g database platform.

But among companies planning to buy tools in the next 12 months, 61% plan to purchase from pure-play business intelligence vendors such as Cognos, Business Objects or Hyperion, according to a survey of 100 IT managers by Goldman Sachs. Only 12% will purchase from a database vendor, while 27% will purchase from enterprise application vendors such as SAP and Siebel. ■


of  companies  plan  to 
purchase  business 
intelligence  tools  in  the 
next  12  months, 
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II  Microsoft  is  going  to  end 
up  setting  the  standards  due 
to  its  market  power  and 
ability  to  litigate.91 

Mark  Rasch 

Chief  security  counsel,  Solutionary 


Adware 

continued  from  page  1 

“We’re trying to be objective in the reasons a vendor is included as spyware,” says Tori Case, director of eTrust security management at CA. The criteria for spyware are based on the privacy, security and performance impact that code has on computers and networks, she says. Suspending detection of the Claria adware during the formal appeals process is standard procedure, Case says, adding CA was disclosing the situation for the sake of “transparency” to customers and the rest of the industry. Yahoo’s anti-spyware service is based on the PestPatrol product.

For its part, Claria said in a statement: “We have initiated a dialogue with Computer Associates about what we believe to be issues in the way their PestPatrol product informs consumers about Gain software on consumers’ desktops.”

4.6 million desktop scans by EarthLink last year yielded an average of 25 spyware instances, with the vast majority adware.

Other  adware  marketing  firms 
also  are  vehemently  objecting  to 
being  classified  as  spyware  and 
are  fighting  to  be  removed  from 
the  target  lists  of  anti-spyware 
software.  As  the  disputes  gain 
steam,  lawyers  on  both  sides  are 
getting  ready  to  rumble. 

A  company  called  180solutions 
makes  search-assistance  software 
called  Zango  that  shows  ads  to 
users.  Within  the  past  month,  the 
company  sent  letters  to  several 
anti-spyware  vendors  demanding 
that  they  drop  180solutions  from 
their  spyware  databases. 

180solutions,  a  privately  held 
company  that  recovered  from 
near-bankruptcy  a  few  years  ago 
to  claim  $50  million  in  revenue 
and  250  employees  at  the  end  of 
last  year,  is  telling  the  anti-spy- 
ware  vendors,  including  Sunbelt 
Software,  Webroot  Software, 
Aluria,  InterMute  and  Microsoft, 
to  back  down. 

“They make money removing applications such as ours,” says Todd Sawicki, senior director of marketing at 180solutions. “They’re making false representation about us as a business. What we don’t like is they’re making egregious, overwrought statements. They’re scaring users. We want them to know we’re safe and we represent no threat.”

Security experts criticize adware because it typically works by tracking users’ Web activity, an action regarded as a compromise to privacy. In addition, multiple types of adware crowding onto a machine can cause slowdowns and even crashes.

Sawicki  says  there  are  “truly 
malicious  evil  actors  out  there” 
with  code  that  should  be  detect¬ 
ed  and  eradicated  because  it 
undermines  user  privacy  and 
security  —  he  named  CoolWeb- 
Search  as  one  —  but  he  insists 
that  180solutions  is  not  among 
them. 

“It’s  the  language  and  the  [cate¬ 
gorization  as]  spyware,”  he  adds. 
“We  have  the  firm  belief  that  the 
person  has  the  right  to  choose 
what’s  on  the  machine.  We’re  not 
so  different  from  a  media  compa¬ 
ny  like  NBC.  They  make  money 
showing  ads  and  so  do  we.” 

If the anti-spyware vendors don’t stop treating the 180solutions code as spyware, the adware vendor “reserves the right to pursue legal alternatives,” Sawicki says. “It’s worth a battle.”

Microsoft  enters  the  action 

According  to  Sawicki,  Microsoft, 
one  of  the  newest  entrants  in  the 
anti-spyware  market,  also  is  mak¬ 
ing  false  and  misleading  state¬ 
ments  about  180solutions.  His 
company  fears  that  Microsoft 
could  use  its  power  on  the  desk¬ 
top  to  shut  out  adware  firms. 

Microsoft declined to comment on the dispute, and the legal issues involved remain murky.

Attorney Mark Rasch, senior vice president and chief security counsel at security firm Solutionary, says the claims of the adware vendors revolve around the legal notion of libel and defamation. He says the adware firms believe “the anti-spyware vendors make a decision that puts these companies out of business.”

He  points  out  that  the  word 
“spyware”  has  no  established 
legal  definition  or  prohibitions 
associated  with  it,  other  than  one 
Utah  law.  There  is  legislation 
pending  in  Congress. 

If  this  battle  does  go  to  court, 
Microsoft,  with  its  vast  resources, 
will  have  the  best  chance  of 
standing  up  to  a  legal  challenge, 
Rasch  adds.  “Microsoft  is  going  to 
end  up  setting  the  standards  due 
to  its  market  power  and  ability  to 
litigate,”  he  says. 

According  to  180solutions,  the 
anti-spyware  vendors  are  not  the 
only  parties  unfairly  maligning  its 
product.  Sawicki  also  reserves 
criticism  for  network  managers 
who  complain  about  adware  and 
are  clamoring  for  anti-spyware 
software.  “These  network  man¬ 
agers  are  fear-mongering,  too,  be¬ 
cause  it  helps  them  get  more  bud¬ 
get,”  he  says. 

Predictably,  it  is  an  accusation 
that  raises  the  hackles  of  network 
professionals. 

Bonnie  Norman,  systems  secur¬ 
ity  engineer  at  Wellstar  Health 
System,  says  unwanted  spyware 
programs  are  clogging  the  hospi¬ 
tal’s  computers  and  networks. 
Sometimes  computers  have  to  be 
totally  re-imaged  because  they 
are  so  gummed  up  with  various 
types  of  code  that  medical  per¬ 
sonnel  download  without  under¬ 
standing  the  consequences. 

“With  spyware,  they’re  looking 
at  our  computers  to  see  what’s  in 
it,”  Norman  says.  “They’re  stealing 
our  bandwidth.  They’re  using 
social  engineering  to  get  people 
to  download  their  software.” 

Norman says she was surprised to hear that CA’s PestPatrol at one point wasn’t blocking Claria’s Gator eWallet, which she says her company strives to eliminate. The hospital blocks spyware at the gateway using a TippingPoint Technologies intrusion-prevention system and is looking at deploying the McAfee desktop anti-spyware product later this spring.

Some  of  the  anti-spyware  ven¬ 
dors  say  the  barrage  of  adware 
complaints  is  eating  into  their 
time  and  resources. 

“They  constantly  have  their 
attorneys  sending  us  letters,”  says 
Richard  Stiennon,  director  of 
threat  research  at  Webroot.  “They 
cite  unfair  business  practices  and 
libel.”  To  date,  Webroot  has  not 
removed  detection  for  code 
under  pressure  from  adware  ven¬ 
dors.  But  Stiennon  says  he  sees  a 
legal  confrontation  approaching. 

Adware  firms  use  pressure 

Stu Sjouwerman, COO at Sunbelt, which makes CounterSpy Enterprise, says 180solutions uses high-pressure tactics to be removed from the spyware database. “They’re saying, ‘We’re legit, aboveboard and we’re the good guys,’” Sjouwerman says.

As  part  of  the  dispute,  180solu- 
tions  pressured  Sunbelt  to  re¬ 
move  a  white  paper  analysis  of 
the  180solutions  software  from 
the  Web.  Sunbelt  did  so,  claiming 
the  move  was  legally  prudent 
under  the  circumstances. 

Sjouwerman, who notes that CounterSpy simply flags code and users can decide to delete it or not, says adware vendors are becoming “intimidating.”

“A  lawsuit  is  a  potential  that 
could  cost  us  a  few  hundred 
grand  to  defend  ourselves,”  he 
says. 

Anti-spyware  software  vendor 
InterMute  also  is  in  a  dispute  with 
180solutions.  InterMute’s  director 
of  threat  research,  Anthony  Arrott, 
says  there’s  been  a  sharp  upturn  in 
complaints  from  adware  firms, 
with  about  one  per  week  asking 
for  exemption  from  spyware 
detection. 

“The  most  pernicious  part 
about  it  is  they  can  eat  up  our 
resources  in  just  processing  these 
claims,  leaving  us  with  less  to  find 
new  spyware,”  Arrott  says.  ■ 


Corrections

■ The test “Picking up VoIP-specific tools for the network management workbench” (March 28, page 49) should have listed ClearSight’s Web site as www.clearsightnet.com.

■ The letter “AT&T responds” (March 28, page 42) should have stated the company had $65 billion in debt.

Securing compliance

Security and configuration management vendors are attempting to address enterprise IT managers’ compliance concerns.

Vendor | Product | Purpose | Price
Elemental Security | Elemental Compliance System | Security compliance policy creation, monitoring and remediation. | $100,000
eIQNetworks | Network Security Analyzer | Real-time security event capturing, filtering, monitoring and reporting. | $895 per network device
Procera Networks | OptimIP Compliance Executive | Corporate governance policies and compliance processes enforcement through control over employees’ application usage | $8,000
Network Intelligence | enVision | Real-time security event capturing, filtering, monitoring and reporting. | $50,000

Compliance 

continued  from  page  1 

eIQNetworks and Procera Networks hope to ease.

“IT  managers  need  to  have  on¬ 
going  visibility  into  their  compli¬ 
ance  levels  to  avoid  drifting  out  of 
compliance  over  the  course  of  six 
months  or  so,” says  Scott  Crawford, 
a  senior  analyst  with  Enterprise 
Management  Associates.  “No  one 
wants  to  have  a  big  compliance 
project  every  year.  Security  and 
policy  management  products  can 
automate  parts  of  the  ongoing 
monitoring  and  enforcement  of 
compliance  policies.” 

Start-up  Elemental  Security  this 
week  is  scheduled  to  launch  its 
Elemental  Compliance  System, 
software  that  the  company  says 
combines  policy-creation  tools 
with  ongoing  monitoring  and  en¬ 
forcement  features.  The  software, 
developed  by  company  co¬ 
founder  and  IT  security  guru  Dan 
Farmer  and  Python  script  author 
Guido  van  Rossum,  can  be  cus¬ 
tomized  to  work  with  a  variety  of 
platforms  and  applications. 

“It’s not a tool specific to one type of vertical application. It can work with what I have without me having to go to my application vendors and get them to rewrite their code for compliance,” says Doug Torre, director of networking and technical services at Catholic Health System, an integrated healthcare delivery network in and around Buffalo, N.Y. He is piloting the product to determine if it will help him maintain compliance policies across healthcare-specific applications.

The  system  uses  a  combination 
of  server  software  and  agents  dis¬ 
tributed  on  servers,  desktops  and 
laptops.  The  server  maintains  the 
library  of  policies,  and  the  agents 
monitor  devices,  reporting  any 
changes  from  the  established 
baseline  to  ensure  compliance. 

The  product  comes  with  tools 
to  create  policies  for  heteroge¬ 
neous  environments,  including 
Unix  and  Windows.  Templates 
and  scripts  let  even  inex¬ 
perienced  administrators  create 
policies  on  multiple  systems  with¬ 
out  platform-specific  knowledge, 
the  company  says. 

Once  deployed,  the  software 
assesses  compliance  on  a  regular 
basis  and  offers  tips  to  mitigate 
potential  problems,  such  as  dis¬ 
covery  of  an  unauthorized  laptop 
attempting  to  access  a  network  or 
a  sales  employee  accessing  an 
accounts  payable  application. 

“Instead of an annual baseline or periodic security check, this software shows us in nearly real time what isn’t compliant and even enforces policies,” Torre says. He now can dedicate less of his tightly stretched security budget to maintaining compliance.

Torre says he’s not thrilled with distributing additional agents, which requires configuring and deploying them to targeted machines. But he says the idea of blocking traffic or isolating non-compliant systems — a feature made possible by the traffic analysis capabilities of the agents — is a worthwhile trade-off. “These are applications we can’t easily control, but a software overlay like this could let us evaluate and assess what they are doing on the network.”

Another relative newcomer, Procera is scheduled to unveil this week an appliance designed to intelligently monitor traffic for compliance with security policies. The OptimIP Compliance Executive appliance sits near a router or firewall at the edge or the core and monitors traffic.

The company says the device can block non-sanctioned Internet communications such as Web-based e-mail and instant messaging, mirror e-mail and other electronic communications to a centralized storage system, and enable undetectable surveillance of online activity. Procera offers an add-on to let IT shops monitor users without detection.

Separately, eIQNetworks this week is set to make available Network Security Analyzer (NSA), which the company says includes features such as log collection, compression, encryption and data archiving.

For one network manager, who wished to remain anonymous, the NSA compliance-reporting capabilities were an added bonus. His company, a billion-dollar holding company in the manufacturing sector, uses 28 firewalls, which generate 1G byte of logs per day.

“A  security  event  can  trigger 
50,000  lines  of  logs,  and  it’s  diffi¬ 
cult  to  search  those  for  the  rele¬ 
vant  data,”  he  says.  “With  the  NSA 
software,  I  save  at  least  eight  hours 
per  week  reviewing  logs  for  po¬ 
tential  problems.  I  can  do  specific 
searches  and  narrow  down  what 
happened  to  generate  the  data.” 

The software, which runs on Windows servers, uses syslog collection techniques and APIs to build links into systems and gather data across security and network devices. The product also includes compliance reports custom-designed to meet multiple regulatory auditor requirements.

“I am able to show auditors complete and repetitive reports for our Sarbanes-Oxley,” he says. “Instead of me wondering when was the last time I looked at the firewall report, I can just get the e-mails sent to me and keep a running record.”

EIQNetworks competitor Network Intelligence last week announced the third in its series of compliance modules that work with the company’s flagship enVision security event management software. This software is packaged in an appliance dubbed the Network Intelligence Engine that monitors data created by network devices and applications, and alerts users of potential compliance and security issues.

The new module is a customized SOX 404 report that provides a mechanism for monitoring and reporting on data associated with financial controls, the company says. The company already offers reporting packages for HIPAA and Gramm-Leach-Bliley. The new module is available free to all active customers.

Jon  Oltsik,  an  analyst  of  infor¬ 
mation  security  at  Enterprise 
Strategy  Group,  says  even  a 
reporting  package  can  ease  the 
burden  of  maintaining  compli¬ 
ant  systems. 

“The  products  use  information 
they  already  have,  but  they  go  a 
long  way  to  bridge  the  gap  be¬ 
tween  raw  data  and  regulatory- 
specific  reports.  They  can  auto¬ 
mate  parts  of  the  auditing  process 
for  IT  shops,”  he  says.  ■ 


IBM/Lotus  embraces  telephony 


■  BY  JOHN  FONTANA 

IBM/Lotus  this  fall  plans  to  offer  technology  that 
will  enable  users  to  integrate  VoIP  or  any  other  tele¬ 
phony  service  with  their  collaboration  applications. 

The  service  provider  interface  (SPI)  is  largely 
designed  for  service  providers  and  vendors,  al¬ 
though  it  could  be  used  by  corporate  application 
developers,  too.  It  could  be  applied,  for  example,  to 
provide  telephony  features  for  Web  conferences, 
such  as  to  dial  people  into  a  conference,  mute 
lines,  hang  up  and  see  an  indicator  online  that  pin¬ 
points  who  is  talking. 

The  SPI  is  expected  to  work  with  IBM/Lotus  Instant 
Messaging  and  Web  Conferencing  Server,  Domino 
and  eventually  the  Java-based  Workplace  platform. 

David  Marshak,  senior  product  manager  for  real¬ 
time  collaboration  and  team  collaboration  at  IBM, 
says  the  SPI  would  let  users  integrate  Web  confer¬ 
encing  with  current  telephony  infrastructures  re¬ 
gardless  of  the  provider. 

IBM/Lotus today offers a plug-in called the Web Conferencing Audio Adapter for Premiere Conferencing, a proprietary interface that routes all telephony services in the IBM Web conferencing platform through third-party service provider Premiere Conferencing.

The IBM/Lotus move comes as rival Microsoft is adding telephony features to its Live Communication Server 2005 and its new Office Communicator client. The Microsoft client, however, focuses on adding more phone-like features to the desktop. Communicator, when integrated with a PBX, can be used for call control. Microsoft is working with partners Siemens and Alcatel’s Genesys.

“What  IBM  is  doing,  along  with  Microsoft  and  oth¬ 
ers,  is  at  long  last  making  audio  conferencing  and 
traditional  telephony  something  that  really  does  fit 
naturally  inside  real-time  collaboration  tools,”  says 
Peter  O’Kelly,  an  analyst  with  Burton  Group.  “You 
will  see  similar  things  that  IBM  is  doing  now  from 
Microsoft,  given  the  work  they  are  doing  with  dif¬ 
ferent  PBX  vendors.” 

The  IBM/Lotus  SPI  would  let  users  configure  their 
software  to  link  into  specific  services  automatical¬ 
ly  or  on  a  case-by-case  basis. 

IBM’s Marshak says independent software developers and corporate developers can use the same SPI and IBM/Lotus support for Session Initiation Protocol and SIP for Instant Messaging and Presence Leveraging Extensions to build more sophisticated telephony features on top of Web conferencing and instant messaging, such as using SIP integration with an IM buddy list for a “click to call” interface. ■


Applications

Enhancing HP ProLiant servers with innovative technologies

Organizations  are  under  growing  pressure  to  support  non-stop  business 
operations  without  increasing  the  IT  budget.  Given  their  position  at  the 
center  of  the  IT  infrastructure,  servers  play  a  critical  role  in  determining 
both  the  overall  availability  as  well  as  the  total  cost  of  ownership  of 
that  infrastructure. 


the IT imperative

To ensure high availability, a server must proactively respond to failures, both within the server and the network to which it is attached. High availability requires that a system administrator manage a server without having to be colocated with that server, and that the server remain available while a failed component is repaired.

Many factors combine to influence server availability. HP and Intel are developing sophisticated technologies like redundant Ethernet connections and network adapter teaming that enhance server availability and enable IT organizations to satisfy today's business requirements.


redundant  Ethernet 
connections 

Server  adapters  act  as  an  interface  between 
the  server  and  the  network.  Therefore,  they 
play  a  critical  role  in  determining  server 
availability  and  performance. 

Some server adapter features are based on industry standards. These include flow control (IEEE 802.3x*), VLAN tagging (IEEE 802.1Q*) and link aggregation (IEEE 802.3ad*). Other influences are vendor specific, such as the amount of onboard memory and the operating systems supported.

To  address  slot-constrained 
environments,  server  adapters  offer 
multiple  ports.  Multiple  port  server  adapters 
allow  IT  organizations  to  meet  current 
demands  like  segmenting  the  LAN  to 
reduce  network  bottlenecks.  In  addition, 
multiple  port  server  adapters  enable  fault 
tolerance  to  maintain  server  availability  by 
rerouting  traffic  to  another  port  if  a 
problem  develops  on  the  network. 




Multiple  port  server  adapters  enable 
IT  organizations  to  respond  to  industry 
trends,  such  as  server  consolidation  and 
virtualization,  that  are  driving  the  need  for 
more  network  ports.  These  are  also  required 
to  accommodate  virtual  servers  while 
supporting  segmentation  and  fault  tolerance. 


ProLiant servers support multiple port server adapters. The HP NC6170 and NC7170 Gigabit Ethernet server adapters with Intel technology offer 128 KB of onboard memory, which leads to enhanced performance. Flexibility is increased because these adapters support copper and fiber optic interfaces, as well as Ethernet, Fast Ethernet and Gigabit Ethernet connections. The HP NC6170 and NC7170 improve scalability by doubling the number of ports that a given server can support.

HP  network 
adapter  teaming 

HP's  network  adapter  teaming  consists  of  two 
to  eight  NIC  ports  that  function  as  if  they  were 
a  single  NIC.  When  configured  for  network 
fault  tolerance  (NFT)  teaming,  traffic  within  a 
team  is  automatically  shifted  from  a  failed  port 
to  a  working  port  without  disruption  of 
service.  The  network  remains  available  while 
the  failed  network  device  is  replaced. 

Transmit  load  balancing  (TLB)  enables 
the  sharing  of  the  server's  outbound  network 
traffic  among  the  members  of  a  team.  TLB 
enhances  availability  because  it  can  be  split 
across  multiple  network  switches  to  provide 
switch  redundancy. 

When  configured  for  switch-assisted 
load  balancing  (SLB)  teaming,  all  inbound 
and  outbound  traffic  is  shared  across  all  the 
members  of  the  team.  And  the  same  traffic 
is  shared  among  the  ports  on  the  switch 
used  by  the  port  teams. 

ProLiant  Essentials 
Intelligent  Networking  Pack 

The ProLiant Essentials Intelligent Networking Pack (INP) enables ProLiant servers to adapt and change the network path to help ensure maximum availability. INP resides at server nodes and is aware of the network infrastructure from the first tier of switches and beyond. As network conditions change, the INP monitors and analyzes the network conditions, and redirects traffic to the optimum path.

INP offers three key features: active path failover, fast path failover and dual channel teaming. Active path failover allows a ProLiant server to maintain connectivity with the core network even if the link between the intermediate switch and the core network has failed. When active path failover is configured, the ports in a team continually monitor for connectivity to the core network. The primary path automatically fails over to the secondary path as soon as it senses a loss of connectivity.

Fast path failover determines the fastest path to the core switch to help maximize network performance and availability by identifying network path degradation. For example, fast path failover would detect if the Gigabit Ethernet connection from an access switch to a core switch fails and the traffic is rerouted over a 100-Mbps Ethernet connection. It would then fail the traffic over to an alternative Gigabit Ethernet connection.

Dual channel teaming allows system administrators to create a team of NICs that support receive and transmit load balancing, and provides switch redundancy. This combination of capabilities is not available with any other team types such as SLB or TLB. With dual channel teaming, two NIC teams appear as a single connection to the server. If one of the switches fails, there is no loss of connectivity and the failed switch can be replaced without affecting server traffic.

figure 2. fast path failover

FAILURE: team's primary NIC has 100 Mbps path to core switch

RECOVERY: team's new primary NIC has gigabit path to core switch

HP ProLiant server

64-bit Intel Xeon™ processors: high availability building blocks

Business requirements demand IT organizations deploy servers that are designed to be powerful, reliable and highly available. Leading technologies like redundant Ethernet connections, network adapter teaming, memory management and Smart Array controllers enable improved flexibility and broad software compatibility. These innovations offer IT professionals the tools to effectively address high-availability platform challenges, both now and in the future.

high availability, power savings

64-bit Intel® Xeon™ processor-based platforms are highly available because they incorporate technologies such as redundant DIMMs (dual inline memory modules), memory scrubbing and RAID controllers on the motherboard. Enhanced Intel SpeedStep® technology and DDR2-400 memory support help reduce power and cooling costs by using advanced power-management techniques. Server performance is improved by technologies such as Intel® EM64T, Enhanced Intel SpeedStep technology, Hyper-Threading Technology, PCI Express* and Intel NetBurst® microarchitecture.

With a history of technology innovation and a broad base of hardware, software and integration leaders, Intel consistently delivers enterprise-class performance, quality and availability. This approach helps you to build for the future with confidence on a platform that evolves as your business grows.

virtual presence

HP's  Integrated  Lights-out  (iLO)  technology 
reduces  cost  and  increases  server 
availability  by  giving  an  IT  organization  a 
virtual  presence  within  the  data  center  as 
well  as  on  any  remote  system.  That  means 
no  matter  where  the  server  is  located,  the 
IT  organization  has  control  over  the  key 
system  resources  such  as  the  console, 
keyboard,  mouse  and  power.  Using  iLO, 
an  IT  organization  even  has  the  ability  to 
make  storage  media  appear  local  to  the 
server.  In  addition,  iLO  continues  to 
operate  even  if  the  server's  operating 
system  is  not  functioning. 

IT  organizations  can  use  iLO  to  install, 
configure,  monitor,  update  and  troubleshoot 
remote  ProLiant  servers  from  a  standard  web 
browser,  command  line  or  script  without 
requiring  any  additional  software  on  the 
client  system.  iLO  is  integrated  with  other 
management  tools,  making  it  easier  to 
combine  virtual  presence  capabilities  with 
other  server  lifecycle  management  tasks  from 
deployment  to  ongoing  administration. 


I  memory  protection 
I  technologies 

•  ProLiant  servers  use  a  variety  of  techniques 
.  to  protect  against  errors,  and  hence 

•  increase  availability.  For  example,  HP  was 
.  one  of  the  first  companies  to  introduce 

»  advanced  memory  protection  technology 

•  such  as  ECC  (Error-Correcting  Code) 

.  memory,  online  spare  memory,  mirrored 
.  memory  and  RAID  memory  in  industry- 
.  standard  servers. 

To  improve  memory  protection  even 
.  further,  HP  introduced  Advanced  ECC 
-  technology.  Advanced  ECC  technology  is 
.  capable  of  correcting  a  multi-bit  error  that 
.  occurs  within  one  dynamic  random  access 
.  memory  (DRAM)  chip. 

.  The  ProLiant  server  online  spare 
.  memory  determines  if  an  active  DIMM  (dual 
.  inline  memory  module)  exceeds  a  predefined 
.  error  threshold.  The  error  will  be  corrected 

a 

.  and  the  data  from  the  entire  bank  that 
.  contains  the  failed  DIMM  will  be  copied  to 
.  online  spare  memory.  The  failed  bank  is 
.  deactivated,  but  the  server  will  remain 
«  available  until  the  failed  DIMM  is  replaced 
.  during  a  scheduled  shutdown. 

.  Whereas  online  spare  memory  mode 
.  protects  against  single-bit  errors  and  entire 
.  DRAM  failure,  mirrored  memory  mode 
.  enables  full  protection  against  single-bit 
.  and  multi-bit  errors.  In  mirrored  memory 
.  mode,  the  same  data  is  written  to  both 
.  system  memory  and  mirrored  memory 
.  banks,  but  data  is  read  only  from  the 
.  system  memory  banks.  If  a  DIMM  in  the 
.  system  memory  banks  experiences  a 
.  multi-bit  error  or  reaches  the  pre-defined 
.  error  threshold  for  single-bit  errors,  the 
.  roles  of  the  system  and  mirrored  memory 
.  banks  are  reversed. 

HP  is  one  of  the  first  companies  to 
.  support  hot  plug  RAID  memory,  which 
.  allows  the  memory  subsystem  to  operate 
.  continuously  even  in  the  event  of  a 
.  complete  memory  device  failure.  In  this 
.  context,  RAID  stands  for  Redundant  Array 
,  of  Industry-standard  DIMMs. 

Hot plug RAID memory generates parity for an entire cache line of data during write operations and records the parity information on a dedicated parity cartridge. However, hot plug RAID memory does not have the mechanical delays of seek time, rotational latency and bottlenecks associated with disk drive arrays.
figure 3. HP ProLiant DL380 G4 server


SPECIAL  ADVERTISING  SECTION 


cooling & power

There  are  two  types  of  cooling  redundancies. 
One  allows  users  to  run  their  server  until 
they  shut  it  down  and  replace  the  failed  fan. 
The  other  maximizes  server  availability  by 
permitting  the  failed  fan  to  be  changed  while 
the  system  is  still  functioning. 

HP  performs  hundreds  of  system  tests 
on  each  of  its  ProLiant  servers.  During 
these  tests,  the  fans  are  independently 
stress  tested.  For  greater  reliability,  only 
fans  with  ball  bearings  are  used.  HP  servers 
include  counter-rotating  fans  with  fixed 
stators,  designed  to  produce  greater  airflow 
at  higher  flow  impedances  and  a  more 
uniformly  directionalized  airflow. 

ProLiant  servers  allow  the  addition  of 
a  redundant  power  supply,  or  removal  of  an 
existing  redundant  power  supply  for 
servicing  at  any  time  without  interrupting 
server  operation.  Having  a  redundant  power 
supply  protects  the  server  against  the  failure 
of  a  power  supply,  as  well  as  the  failure  of 
the  AC  line  cord.  When  a  server  is  equipped 
with  two  power  supplies,  each  provides 
approximately  half  of  the  power  required  by 
the  system.  This  helps  to  reduce  component 
stress,  which  enhances  overall  reliability. 

Smart Array controllers

In  this  context,  RAID  refers  to  Redundant  Array 
of  Independent  Disks.  RAID  technology  allows  a 
group  of  disk  drives  to  be  tied  together  to 
function  as  a  single  logical  disk  drive,  providing 
increased  performance  and  availability. 

HP's  Smart  Array  controllers  are 
integrated  on  ProLiant  servers,  and  support 
a variety of RAID types including RAID
1+0 and RAID 5. Developed and patented
by  HP,  RAID  Advanced  Data  Guarding 
(ADG)  is  further  supported  on  Smart  Array 
controllers.  This  technology  creates  two  sets 
of  parity  striped  data  across  the  disks  to 
help  ensure  the  system  can  withstand 
multiple  disk  failures  without  data  loss. 
RAID  ADG  enables  high  levels  of  fault 
tolerance  in  a  cost-effective  manner. 


[Figure 3 callouts: up to 12 MB DDR-2 SDRAM with online spare and advanced ECC capabilities; up to 2 Intel Xeon processors with an 800 MHz FSB and 1 MB of L2 cache; six Ultra320 SCSI hot plug hard drives; base hot plug fans; redundant hot plug fan slots; duplex drive backplane option; base hot plug power supply; redundant hot plug power supply; dual gigabit NICs; integrated Smart Array U320 array controller, optional 128 MB BBWC]


A RAID array controller will store data temporarily in cache memory during data transfers. If a power interruption occurs after data has been written to cache memory and before it is written to a disk, the cached data will be lost. To avoid this problem, HP's Smart Array controllers support redundant battery-backed cache, providing battery backup for up to four days. Once the power has been restored, the data in the cache is then moved to a disk.

figure 4. RAID selection guide

making the right choices

Companies of all sizes and industry types are increasingly adopting a non-stop approach to business operations. To support this approach, IT organizations must continually improve component availability.

HP ProLiant servers are the cornerstone of a reliable IT infrastructure. When selecting a server, IT organizations should look for features like redundant server adapters, and advanced network adapter teaming capabilities such as fast path failover.

Highly available servers also require functionality such as HP's industry leading memory protection and Smart Array controllers, as well as advanced cooling and power technologies. And remote management capability allows the user to quickly address server requirements from any location. These features ensure that HP ProLiant servers provide the availability required by today's business environment.

HP  (NASDAQ  "HPQ")  is  a  technology 
solutions  provider  to  consumers,  businesses  and 
institutions  globally.  The  company's  offerings 
span  IT  infrastructure,  global  services,  business 
and  home  computing  and  imaging  and  printing. 

Intel  (NASDAQ  "INTC"),  the  world's  largest  chip 
maker,  is  also  a  leading  manufacturer  of  computer, 
networking  and  communications  products. 
For more information on ProLiant servers and increasing server availability,
visit  www.hp.com/go/f  or  call 


© Copyright 2005 Hewlett-Packard Development Company, L.P. and Intel Corporation. Intel, the Intel logo, Intel Inside, the Intel Inside logo, Pentium, Itanium, Intel Xeon, Intel NetBurst and Intel SingleDriver are trademarks or registered trademarks of Intel or its subsidiaries in the United States and other countries. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. * Other names and brands may be claimed as the property of others.




■ nCipher this week is expected to announce that its SecureDB database encryption software has been expanded beyond Oracle to support Microsoft and IBM databases. The nCipher encryption engine runs directly on the database server. The product also has a management console that allows the control of file encryption to be placed in the hands of someone other than a database administrator. SecureDB is priced starting at $30,000.


■ McAfee this week is expected to announce that its Priority and Enterprise security maintenance and support agreements, the two contracts that cover the entire McAfee product line for corporations, are being replaced with new contract agreements. Gold, the replacement for Priority, will include round-the-clock response and security advice available through phone, the Web and chat consultation, plus educational tools such as videos and online tutorials for installations. The Platinum support service, the replacement for Enterprise, includes Gold service plus an assigned technical account manager with professional security accreditation able to provide broader security advice. Gold maintenance and support, which includes security alerts and version releases, costs 40% of the product list price. Platinum adds another $35,000.
■ Alcatel this week is expected to launch its OmniSwitch 6800L series of switches. The products come in 48- and 24-port versions with 10/100M bit/sec Layer 3 switches. The switches can also be upgraded to Gigabit Ethernet to all ports via an upgrade license key. They can be stacked in groups of up to 16 switches, using a 40G bit/sec proprietary stacking technology, which lets a stack be managed as one device. The OmniSwitch 6800L series is priced starting at $3,300 for the 24-port switch and $4,800 for the 48-port device. The Gigabit Ethernet upgrade starts at $2,400.


SSL  VPN  vendor  charts  new  course 


Corporations are looking to let more mobile employees — and non-employees — access their networks, and SSL VPNs are a way to support this shift, says Evan Kaplan, CEO of SSL VPN vendor Aventail. Kaplan says businesses should follow a model similar to that used in e-commerce, where businesses don’t know whether to trust remote users or the network they are using yet manage to connect securely to private resources. SSL VPN technology enhanced by peripheral security will support this model for all corporate communication, Kaplan says. In a recent interview with Network World Senior Editor Tim Greene, Kaplan explained this approach to security, differentiated it from other architectures and talked about his competition.

You  disagree  with  networking  companies  that  say  networks 
should  be  secured,  arguing  instead  that  communications  should 
be  secured.  What  is  the  distinction? 

The  networking  companies  —  Nortel  and  Cisco  and 
some  of  those  folks  —  want  to  make  your  networks  really 
intelligent  and  really  secure  and  in  the  process  they  want 
to  retrofit  most  of  your  switches,  your  routers,  your  network 
infrastructure,  your  firewalls  to  make  that  happen.  Our  crazy 
assumption  is  that  networks  are  fast  and  dumb  and  widely 
available.  And  the  money  that  should  be  spent  should  be 

See  Aventail,  page  18 


ISS unveils new IPS appliances


New  from  ISS 

The  G400  at  400M  bit/sec  and  the  G2000  at  2G  bit/sec  round  out  the  G  line 
of  IPS  appliances,  which  offers: 


Spyware  blocking. 

Option  for  preconfigured  security  policy. 

Blocking  based  on  IP  address,  number  of 
ports  and  virtual  LANs. 

SNMP-based  management  to  work  with  security  information  management  from 
HP  OpenView, Tivoli,  Micromuse,  netForensics,  ArcSight  and  Intellitactics. 


■  BY  ELLEN  MESSMER 

Internet Security Systems this week is expected to take the wraps off two intrusion-prevention systems — the Proventia G400 and G2000 — designed to block spyware and hundreds of types of attacks.

With the G2000, which reaches 2G bit/sec, ISS enters the high-speed IPS market to compete against vendors offering multi-gigabit IPS, including McAfee and 3Com’s TippingPoint Technologies division. ISS also is upgrading its entire G line, which starts with the 100M bit/sec G100, to provide gateway-based blocking of roughly 7,000 types of spyware and adware, and a range of improved management features.

First off, ISS is adding the ability to exert policy-based protections based on IP address range or virtual LAN (VLAN) segment.

“Previously  we  only  allowed  policy  by 
device,  regardless  of  the  number  of  ports,” 
says  product  manager  Chris  Simmons.  “It 
can  now  be  by  the  device,  number  of  ports 
and  VLANs.” 

In addition, ISS is offering an optional Web-based management interface as an alternative to its SiteProtector management system for IPS deployments of up to five supported devices. The Web-based management interface is far simpler than SiteProtector and will make it easy for smaller firms to deploy IPS, according to ISS.

ISS also is adding SNMP management support so that the G line can be integrated into third-party network management products. The G series ranges in price from $10,000 to $100,000.

All IPSs on the market are prone to issuing false alerts at some point when put into production. The kind of passive intrusion-detection sensors that have been used for years also generate false positives but don’t block traffic. However, an IPS may instantly respond to a false positive by blocking legitimate traffic. This is one reason network managers often use IPS in what’s called “mixed mode,” configuring it to block some types of attacks but not others.

To lower the possibility of false positives blocking good traffic, ISS has added an option to its IPS for a pre-configured security policy it calls the Trust X-Force Prevention Policy.

This option is a default setting that ISS crafted to block attacks of a critical nature but allow more wiggle room on false positives. “For smaller companies, this should be an easier way to get started with IPS,” Simmons says.

The ISS appliances also have a “virtual-patching” feature. When a software vendor discloses a new vulnerability and releases a patch, the ISS appliances receive an update that essentially duplicates the patch to block any exploits based on the disclosed vulnerability.

“It’s not as though you don’t need to patch your systems at all, but you’ve bought yourself some time,” says Clarence Morey, ISS senior manager of product strategy.

Some companies say they’re investigating

See  ISS,  page  18 
Net Infrastructure


Peribit touts software that speeds traffic


■ BY TIM GREENE

Peribit is set to add acceleration of certain Microsoft applications to its WAN appliances to reduce response times between users at one site and servers at another.

Called AppsFlow, the new software for Peribit Sequence Mirror devices proxies application traffic to make the WAN leg of connections more efficient, cutting response times dramatically, the company says. Peribit says the software reduced the download time of a 2M-byte Microsoft Exchange email attachment over a trans-Atlantic T-1 from 70 seconds to 8 seconds.

This type of performance improvement sparked long-time Peribit customer BOC Edwards Global to try the software as it consolidated its Exchange servers to fewer sites to save money, says Martin Cox, technical services manager for planning and development at the firm.

As part of the consolidation, the company removed the Exchange server from its Tanawanda, N.Y., office, requiring workers there to connect to a server in its Wilmington, Mass., headquarters via a 768K bit/sec connection. “There was a lot of negativity when we took their local server away,” Cox says, because response time became noticeably slower.

So the company installed a pair of SM-500 appliances — one at each site — that included AppsFlow. Cox says he doesn’t have data on response times before and after, but workers in Tanawanda could tell the difference. “The users noticed straight away the minute we installed the technology. Mail is a lot snappier,” Cox says.

He says BOC Edwards could keep local Exchange servers and upgrade them all, but it would cost less over time to consolidate, pay for fewer servers, cut management and maintenance costs, and instead opt for the Peribit appliances. “We would rather spend money on Peribit than on new servers and back-up systems,” he says. “If we can take servers out of the field, it’s a much better way of spending money.” A pair of SM-500s that support a 768K bit/sec connection costs about $25,000 upfront and eliminates management, maintenance and license upgrades for the server.

New software for Peribit Sequence Mirror cuts response times, the company says.

The Peribit boxes sit inline between servers and WAN connections, and proxy the connection between the client and the server. By spoofing acknowledgements locally, the Peribit gear eliminates the need for multiple acknowledgements crossing the WAN and eating up time. The Peribit gear can gather larger chunks of data faster than the client could gather it directly, Peribit says. The devices then send the data more efficiently over the WAN, using a similarly optimized version of TCP.

Competing vendors such as Expand and Packeteer optimize TCP but not individual application protocols, says Joel Conover, an analyst with Current Analysis. “Everyone’s been focused on the TCP layer and providing visibility of activity at the application layer, but not optimization,” he says.

Peribit also has applied this type of optimization to Microsoft file services and Web applications. The optimization actually works on the underlying protocols used by the applications, Messaging API in the case of Exchange, Common Internet File System in the case of file services and HTTP in the case of Web applications. So the boxes also will accelerate other applications based on these protocols, Conover says.

Peribit is scheduled to introduce separate software that enables clustering of up to six SM-500s with one SR-100 to boost the caching ability of the SR-100s. This caching is used to reduce the volume of WAN traffic by storing locally frequently accessed data or patterns within data streams. The clustering supports WAN links up to OC-3.

On  the  hardware  front,  Peribit  plans  to 
introduce  an  appliance,  the  SM-250,  for 
branch  offices  that  supports  links  from 
128K  to  2M  bit/sec.  It  is  expected  to  be 
available  in  mid-April.  ■ 


ISS 

continued  from  page  17 

how they might use IPS but are still wary about false positives.

“I’m a little skeptical,” says Jeff Nigriny, chief security officer at Exostar, an e-commerce exchange for the aerospace and defense industry in Herndon, Va.

Nigriny says he still maintains both network- and host-based intrusion-detection systems (IDS), including those from ISS and Enterasys Networks, on Exostar’s corporate network, despite continuing issues associated with false positives. But he says the number of false positives leaves him wary about automating response.

Exostar has branched out into newer types of passive monitors by deploying an IDS from Intrusic called Zephon in proximity to its most critical database servers to determine if an intruder might be stalking the network. Intrusic watches for anomalies that indicate suspicious activity that could mean an attacker has gotten in. ■
continued from page 17

driving a secure communication as opposed to building a secure network infrastructure. Network security is kind of an oxymoron. When you’re creating a secure communication, you always assume the network is insecure.

Much like when you do a transaction on Amazon.com, you have a lightweight SSL VPN there. They have a set of capabilities that are sitting somewhere on the Internet that are protected by a firewall, that are protected by host intrusion, that are protected by a variety of well-constructed and secure applications. Then they make that available to the world at large.

The greater investment is going to be at the perimeter of the application data center. We’re going to treat every connection the same that comes from a human being. We’re going to assume every network is insecure underneath and we’re going to model the enterprise communication infrastructure after the e-commerce infrastructure.

What  elements  of  a  secure  network  would 
you  describe  as  unnecessary? 

It’s not a question of what’s unnecessary or necessary. It’s probably a level of how much more should I spend on firewall/perimeter? How much more should I spend on network access control from a Cisco point of view? How much would I spend isolating and quarantining certain of the networks? How much would I spend on smart switches? How much would I spend on making certain every network segment was encrypted from the inside? Without answering your question directly, I hope that gives you enough fodder.

I  think  the  answer  to  all  those  questions  is, 
it  depends  on  how  much  do  you  stand  to 
lose  if  you  don't  do  them.  For  some  people  it 
probably  makes  sense  to  do  all  those  things, 
wouldn't  you  say? 

I’m not sure in what cases it would make sense. Take any large enterprise. No matter what they do, the LAN is somewhat porous. You could say it’s porous because people move laptops in and out of LANs fairly easily. You could also say it’s porous because most of the attacks actually happen from the inside. Either way you’d say how much more secure is it than the public network? How much do I want to spend to make it that much more secure? If I could retreat and protect the really important things, which are the desktops or the applications themselves and the storage devices, why wouldn’t I want to spend my money there? Assuming I’m going to spend a flat rate, why wouldn’t I want to spend more of it in those areas?

Switches can be used as enforcement points to stop the spread of worms by shutting down LAN segments. Isn't there value in that, and doesn't that fit in with the model of creating a secure network?

It’s a question of relative investment expenditure and a model that scales a little bit easier. If I spend X amount of money on secure switches, does that mean I spend less on endpoint security? Does that mean I spend less on policy-oriented access to applications? At some point there is a trade-off. Because so much of the networks that you’re using are in fact dumb and because what you’re really trying to protect is the application set, then that trade-off should yield toward endpoint security and data center security.

Put yourself in the position of an IT professional. How would you make that decision?

I’d take a look at where my traffic was coming from, the bulk of it. I’d figure out if I could in fact pull it off with these SSL VPN infrastructures. And if I could do that, then where would I slow my investment? I’d go back to the switches and the routers and the perimeters, and at what level do I do my anti-virus? Do I do it at the edge of the application data center? Do I do it on the broad network? How much do I spend to secure the endpoint? I’d just take a look at a bunch of different stuff to make that decision. I’m not saying this happens tomorrow. I’m saying these are investment trends that happen over time.

Assuming your way of looking at things catches on, where does that put you in relation to your more direct competitors?

The market is so robust and there are so many good competitors I think people will see it. Obviously Cisco will eventually build good products there. I think we have a very clear vision, and each release takes us along that clear vision to deliver that common SSL VPN gateway. Vision and capital should put us in a nice leadership position. We’re not a networking vendor, we’re not trying to move packets, we’re totally focused on secure communications. We are the one independent player left that’s large enough and has enough capabilities to do that.

How  long  will  there  be  a  market  to  support  a 
separate  SSL  vendor  like  Aventail?  After  a 
while  people  might  regard  SSL  VPN  as  a 
commodity  that  their  networking  vendor  can 
supply. 

If I thought SSL VPN was just a small thing, which was just encrypting an SSL VPN tunnel, I’d completely agree. But I think it’s a much larger thing with the endpoint enforcement and the policy and the application security issues. ■




4/4/05 


NetworkWorld 


www.nwfusion.com 


■  STORAGE  ■  GRID/UTILITY  ■  MOBILE  COMPUTING 


Study:  Licensing  stalls  grid  computing 


■  BY  JENNIFER  MEARS 

A new report by The 451 Group suggests that the traditional per-CPU software licensing model is throwing a wrench in widespread adoption of grid computing.

Because grids consume computing resources dynamically, growing and shrinking as applications demand, IT managers are finding that they cannot afford to pay for software licenses for every processor available to the grid.

“It’s all butting up against the software vendors, and there’s increasing pressure on them to find some sort of accommodation,” says William Fellows, principal analyst at The 451 Group and lead author of the report.

In the 77-page report, titled “Grid Computing — The Impact of Software Licensing,” Fellows and others say there is an evolution underway when it comes to pricing software. Grid computing is one of several new data center architectures that is forcing independent software vendors (ISV) to take a closer look at how they price their products, Fellows says.

“What we are seeing is collectively there’s a sense in which all of these things — multicore, virtualization, together with grids, on-demand, utility computing and alternative purchase models — mean that there is a broader, long-term change in the technology market and probably a disruptive impact to software vendors down the line,” he says.


Paying a premium

That is the typical license premium The 451 Group estimates users can expect to pay for running applications on a grid vs. in a conventional environment.


■ Iomega last week announced a network-attached storage server for use in workgroups and departments. The rack-mountable NAS 300r is available in three models, with capacities ranging from 320G to 500G bytes. It has hot-swappable drives for fault-tolerance and availability, and supports network printing. The NAS 300r uses Windows Storage Server 2003 and supports Microsoft Exchange databases. The NAS system, which starts at $2,000, ships with Iomega Automatic Backup Pro software.

Today, when it comes to grids, companies tend to work around licensing issues with vendors by negotiating custom contracts, writing their own code or deploying open-source applications. But in most cases, they haven’t been able to move beyond initial grid deployments because of application licensing concerns.

“They can’t move their adoption of grid forward without some kind of more flexible way of buying software,” Fellows says.

He says users shouldn’t expect to see changes immediately but notes that software vendors are taking a closer look at the issue.

SAS Technology, for example, which sells analytics applications, says it will begin publishing a price list for its grid-enabled software later this year. In the past, it has negotiated grid-based software licensing on a custom basis.

Other software vendors aren’t so quick to modify their pricing schemes. Oracle, for instance, sells its grid-enabled database software on a strictly per-CPU basis, which enables its powerful applications to run on pools of small, standards-based hardware.


“The assumption Oracle is making is that a customer more than recovers the cost of paying for licenses on many commodity nodes through the savings made by not having to purchase expensive [symmetric multiprocessor] servers,” the report says.

Still, Fellows says that industry-wide change is necessary to promote broader adoption of grids in commercial data centers. The hope is that ISVs will license applications based on business objectives, an approach that will require monitoring and management tools to better track application usage.

“Users need to bring the issue to the table,” Fellows says. “Grids are emerging in lots of different segments and collectively users can have a voice. ... The evidence shows that where they have expressed a requirement [for a change in software licensing] things have moved forward.” ■


A  Novell  BrainShare  debriefing 


Low-key. That’s how I’d sum up Novell’s annual BrainShare conference, which I attended two weeks ago.

I’ve  been  to  15  of  these  events  (since 
before  it  was  called  BrainShare),  but  the 
most  recent  was  only  my  first  in  three 
years.  I  found  the  keynote  addresses  to  be 
particularly  ho-hum  compared  with  those 
I’ve  seen  in  the  past.  Jack  Messman  and 
the  governor  of  Utah  were  no  match  for 
earlier  stemwinders  I’d  seen  from  Novell’s 
own  Ray  Noorda  and  Drew  Major,  as  well 
as  outsiders  such  as  Apple’s  Steve  Jobs, 
Oracle’s  Larry  Ellison  and  even  Microsoft’s 
Steve  Ballmer. 

Part of it, of course, was that there were no major new announcements. All of those had come either two weeks before at Europe’s CeBIT or last month’s LinuxWorld events.

The mood was also a reflection of Messman’s personality, as I noted in one of my Novell NetWare Tips newsletters last week (see www.nwfusion.com, DocFinder: 6534). He wants you to know who’s in charge, though he lacks charisma, at least on the stage.

But sober reflection leads me to believe that something else, something more subtle, something that perhaps new Marketing Vice President Bill Hewitt thought up, could have been the genesis of the almost somber week.

Novell  is  all  about  Linux  and  open  source 
these  days.  Business,  in  general,  dislikes  the 
passionate  nature  of  the  open  source 
movement  (while  continuing  to  use  its 
products)  and  the  almost  religious  fervor 
that  leaders  of  open  source  show  when  let 
out  in  public. 

Gov. Jon Huntsman Jr.’s talk could be seen as a typical “move your business to my state” speech often delivered to Chamber of Commerce audiences. Messman’s could be viewed as a no-nonsense talk to shareholders defining and defending the company’s actions. In both cases, they contributed to an impression that Linux is already mainstream, Linux is ready to run enterprise networks — Linux is not only better for your bottom line, but will give your company an edge.

The two thrusts of the Linux message were about the new Linux Small Business Suite and the new Linux Datacenter packages.

But perhaps the theme really was that Linux has grown up. Since it was just two years ago at BrainShare that Messman referred to Linux as an “immature operating system,” there’s a certain poetic elegance to now treating it as ready to run the Fortune 50. Novell just might have a rosy future.

Kearns, a former network administrator, is a freelance writer and consultant in Silicon Valley. He can be reached at wired@vquill.com.


Tip of the Week

Also at BrainShare, Novell showed its upcoming NetWare client for Linux, which should be available late next month. It’s been a long time coming but it should do for desktops what Open Enterprise Server does for NetWare servers — ease the transition to Linux.


Linux making its mark in messaging

Linux lineup

Here’s a sampling of messaging servers that run on Linux:

Vendor/Product: Highlights

@Mail’s Server Mode: Web-based e-mail ships with complete source code.
Gordano’s Messaging Server: IM, archiving among features; supports Outlook.
IBM/Lotus’ Notes/Domino: Leading corporate collaboration platform.
Kerio’s MailServer: Targets Microsoft Exchange with shared calendars, contacts and tasks through Outlook client.
Netline’s Open-Exchange: Former SuSE Linux product with service and support provided by Novell.
Novell’s GroupWise: E-mail, calendaring, scheduling, instant messaging, introducing Outlook plug-in.
(vendor name illegible): E-mail calendars, online work spaces, Web conferencing; supports Outlook.
Real Time Enterprises’ Linux Mail Server: Anti-virus/spam features available; supports Outlook.
Scalix’s Scalix Server: HP OpenMail is server foundation; supports Outlook, Webaccess.
Stalker’s CommuniGate Pro: Real-time features, anti-virus/spam; supports Outlook.

■  BY  JOHN  FONTANA 

In the past decade, the biggest winner on the e-mail server landscape has not been IBM/Lotus Domino or Microsoft Exchange, but Windows, the operating system that supports the majority of messaging and collaboration platforms in use today.

But just as Linux is being presented as a viable alternative to Windows for network-plumbing tasks such as file and print and Web serving, it is starting to rise as an application-layer option, especially with clustering, IP and virtualization improvements in the latest Linux kernel.

The proof is in a messaging landscape flush with Linux versions of e-mail and collaboration servers from IBM/Lotus, Novell and Oracle. Novell also launched in February an open-source project called Hula to develop a standards-based server with a browser interface that focuses on e-mail, calendars and contacts.

Smaller vendors such as @Mail, Gordano, Kerio, Netline, Scalix and Stalker also offer messaging servers on Linux.

While the converts remain mostly small and midsize companies, they are raising awareness at a time when millions of users of Microsoft Exchange 5.5 are seeing support end for their software.

“Linux is all business, there is no fluff. It does its job,” says John Giantelli, the senior IT director at the American Society for the Prevention of Cruelty to Animals (ASPCA). “After two years, we are up, we are running and we are happy.”


Takes 

■ Brix Networks, which makes hardware and software for monitoring VoIP performance, last week said it has added $5 million in venture capital funding. The Chelmsford, Mass., company now has raised about $60 million over five rounds since its founding in 1999. New investor Castile Ventures, plus current backers such as Charles River Ventures and ComVentures, led the latest round. Brix says it plans to use the new funding to support sales, marketing and engineering efforts.


Giantelli  converted  to  Linux  in  2003, 
which  he  picked  over  Windows  2000  to  run 
his  Notes/Domino  installation  and  to 
replace  his  aging  and  unstable  Windows 
NT  infrastructure. 

“Downtime  is  unacceptable  to  us,”  says 
Giantelli.  “The  Microsoft  OS  runs  some  of 
my  products  here  very  well,  but  for  mail  it 
was  just  not  cutting  it.” 

Giantelli says his messaging costs have dropped 30%, mostly coming from the reliability and the cheaper hardware that his mail server is running on. He extended Linux throughout his messaging infrastructure via management tools based on Webmin and anti-spam and anti-virus software from McAfee. He also is in the process of moving Lotus Quickplace, which is software for creating ad hoc online workgroups, from Windows 2000 to Linux.

Michael Osterman, president of Osterman Research, says there’s no mass migration underway, but calls Linux “a viable alternative.”

A Linux-based messaging platform makes sense for those adopting more Linux who want to streamline management chores. It also makes sense for those who are averse to licensing changes around software maintenance on the Microsoft platform that put users on perpetual upgrade paths, he says.


Julie  Farris,  founder  and  chief  strategy 
officer  for  Linux-based  messaging  vendor 
Scalix,  says  e-mail  is  a  strong  candidate  as 
a  killer  application  for  Linux. 

“E-mail is so closely coupled to the operating environment, and it has historically been used to drive platform adoption,” she says. “That dates back to IBM and DEC, which used PROFS and All-in-1 [respectively] to drive adoption of the mainframes and minicomputers.” Farris says LAN mail pioneer cc:Mail, where she once worked, created a disruptive platform shift that eventually sunk PROFS and All-in-1 during the LAN revolution.

“The  reason  that  I  started  Scalix  three 
years  ago  was  based  on  a  bet  that  Linux 
would  be  a  similar  disruptive  shift  in  the 
world  of  e-mail  and  messaging,”  says  Farris, 
a  17-year  industry  veteran. 

In a recent survey by Osterman Research, nearly 43% of 103 respondents said they would probably or definitely consider switching their back-end servers if it meant they did not have to change desktop clients. Roughly 32% said that if they could start with a clean slate they would consider Linux or some platform other than Windows on which to build their messaging platforms. In addition, roughly 22% said they would prefer their next messaging platform on something other than Windows.

That still leaves a majority selecting Windows, which is the platform for Exchange and for a majority of Notes/Domino users. Those users like to take advantage of Windows’ wealth of third-party tools and availability of trained administrators.

And Linux-based messaging platforms still have some limitations, experts say.

“The majority of the Linux products are from smaller vendors and are focused on providing reliable e-mail routing and mailboxes, and usually calendaring/scheduling, but not much else,” says Mark Levitt, an analyst with IDC. “This means that you won’t tend to find more advanced features out of the box. Also, there are limited third-party add-ons designed to work with these products, which means extending the smaller vendors’ platforms is most often a customer build-your-own task.”

But  Linux  converts  are  citing  reliability 
and  cost  issues  as  reasons  to  switch.  And 
with  top  corporate  platforms  such  as 
Notes/Domino  and  GroupWise  available 
on  Linux,  users  don’t  have  to  give  up 
functionality. 

In addition, smaller vendors are offering integration with Microsoft Outlook and Novell’s Evolution clients, and browser interfaces and connections to mobile devices, which allow users to switch messaging platforms without disrupting end users. On the infrastructure side, integration with Microsoft’s Active Directory, Novell’s eDirectory and other directory services based on Lightweight Directory Access Protocol plug Linux into current user management systems.

“Why Linux? Why now? Because I wanted something that was stable,” says Edward Bailey, a former Exchange user and director of IT operations for the Department of Materials Science & Engineering at the University of Florida. “In the last year, I’ve only had 30 minutes of unplanned downtime.”

Bailey runs Scalix, which he says is the best substitute for Exchange. He says the only blip in adopting the platform is the Linux learning curve. “The underlying OS can be an issue for some. I don’t think your average Exchange admin could easily make the switch over,” he says.

But some say that also is starting to become less of an issue.

“People are saying this is a serious platform and it needs some serious apps,” says Ted Haeger, director of product marketing for collaboration at Novell. ■
Implications of an improving Internet

Most of the Internet has been getting better over the past few years. In much of the world, the Internet is now good enough for all but the most demanding applications.

This improvement has been in the default “best effort” service and hasn’t depended on ISPs implementing fancy QoS mechanisms. Paradoxically, some ISPs might see this news as a threat to their
future financial health.

There are a number of research groups currently studying Internet performance, although it still is not easy to get good data, as KC Claffy details in one of her talks at www.nwfusion.com, DocFinder: 6527.

Claffy is the main investigator of the Cooperative Association for Internet Data Analysis (CAIDA), an analysis and research group that is one of the best Internet-related research centers (DocFinder: 6528).

Members  of  the  physics  community 
also  are  studying  the  Internet.  The 
International  Committee  on  Future 
Accelerators  has  had  working  groups 
thinking  about  Internet  performance 
since  at  least  1997.  One  such  group  was 
formed  in  2002  and  published  a  paper  on 
the  state  of  Internet  performance  in 
January  (DocFinder:  6529).  I’m  not  sure 
why  the  physicists  are  studying  Internet 
performance,  unless  it’s  to  figure  out  if 
they  can  use  the  Internet  to  deliver  the 
(very)  large  data  sets  that  their  experi¬ 
ments  produce.  In  any  case,  their  work  is 
very  good. 

Their latest report mostly deals with packet loss in data transmissions, with round-trip times and with data throughput between the Stanford Linear Accelerator and testing points throughout the world. The countries where the testing points are located represent 78% of the world’s population and 99% of the world’s Internet users. The test results show that by the end of 2003, the packet loss rate to countries with 77% of the world’s population was low enough that VoIP would work with good or acceptable quality. This is up from 48.8% in 2001. One example is reliability within the U.S. — packet loss rate fell from more than 10% in January 1995 to less than 0.5% in January 2004.

Round-trip times have fallen and data throughput has increased. These improvements have been in the standard Internet “best effort” service. As Vonage and other overlay-VoIP services have shown, VoIP “just works” for much of the world most of the time. You don’t have to pay the carriers extra for better service to make VoIP work well enough to be very useful. This fact might be a real threat to the financial well-being of carriers that plan to make more money by charging extra for better quality service — and that includes most of the traditional telcos. These carriers will be forced to try to make money selling a commodity service, unless more of them purposefully try to mess up their networks to mess up VoIP as Vonage has claimed that some already do. These carriers could be in for a rough ride.

Disclaimer:  Harvard  claims  not  to  be  in 
the  commodity  service  business  but  has 
not  expressed  an  opinion  on  carriers  that 
may  be  forced  to  be  so  —  thus  the  above 
is  my  own  opinion. 
Bradner is a consultant with Harvard University’s University Information System. He can be reached at sob@sobco.com.



4/4/05

Application Services

Bringing security to instant messaging

■ BY CARA GARRETSON

In  February  the  first  arrest  was  made  of  a  man  who 
violated  the  CAN-SPAM  law  by  sending  unsolicited 
commercial  messages  not  over  traditional  e-mail  but 
over  instant  messaging.  Given  the  rate  at  which  e-mail 
threats,  including  spam,  viruses  and  phishing  attacks,  are 
migrating  to  the  world  of  instant  messaging,  this  arrest 
isn’t  likely  to  be  the  last  of  its  kind. 

“Virtually every one of the issues we’ve had to deal with regarding e-mail hygiene is currently applicable to instant messaging or will be soon,” says Matt Cain, an analyst with Meta Group. “It’s just a matter of time before we see hackers, virus writers and spammers aggressively target IM.”

Clearly IM is not nearly as widely used as email on enterprise networks, and therefore the threats are not as significant. However, the advantage of having this low-cost, real-time communications mechanism on users’ desktops is gaining popularity in the corporate world. The Radicati Group estimates 85% of corporations in North America are using IM, either as a sanctioned corporate application or in unauthorized pockets. That’s up from 70% in 2003, the last year the firm tracked it.

“IM is still growing as a communications method, but the increasing use of it is driving more and more people to target this system,” says Francis Costello, chief marketing officer at Akonix, which makes IM management and security software.

With  IM’s  recent  growth  comes  the  need  to  secure  these 
communications  systems,  says  Sara  Radicati,  an  analyst 
with  The  Radicati  Group.  But  protecting  networks  from  IM 
abuses  is  often  overlooked,  even  by  corporations  with 
extensive  security  schemes,  she  says. 

Ignoring the potential for IM abuses can be a dangerous mistake, because the nature of unwanted messages is changing, experts say. While IM spam, or “spim,” has popped up on users’ screens for a few years now, it is evolving from simply a nuisance to a serious threat. Originally used primarily by operators of Web sites — usually featuring pornographic material or financial lending deals — to lure unsuspecting users to their sites, spim has become the latest way to distribute viruses and other malware that can find a back door into a corporate network.

According  to  Akonix,  the  number  of  viruses  spread  via 
IM  in  the  first  six  weeks  of  this  year  tripled  vs.  the  same 
time  period  last  year.  IMlogic,  an  IM  management  and 
security  software  vendor,  currently  tracks  more  than  300 
viruses  and  worms  spread  via  IM. 

Media General, a publishing, broadcast and interactive media company in Richmond, Va., began using IM in 2003, when a new division president who was hooked on the communications method was hired, says Director of Security Mike Miller. After monitoring the company’s IM traffic via a program called Snort, Miller says he realized just how vulnerable IM could be.

“We watched the traffic, and we could see clear text go over the Internet and back,” he says. What concerned him even more was that the company couldn’t restrict IM file transfers and therefore couldn’t protect against viruses.

Media General installed software from IMlogic to manage its IM communications and provide spam and virus protection. “I’ve heard of companies where all their users are using IM [without a management tool]. ... That’s just dumb,” Miller says.

Because IM programs’ buddy lists have direct connections with other computers, IM viruses can spread faster than e-mail viruses, says IMlogic CTO Jon Sakoda.

Although the concept of spoofing IM names hasn’t truly evolved — it’s hard to guess someone’s screen name, unlike their e-mail address — IM also lends itself to phishing because users tend to respond to chat messages without thinking. “IM is associated with personal communication,” Sakoda says. “Today people expect an IM that pops up is from another human being, where on e-mail they’re more savvy about getting mass sendings.”

IMlogic surveys have revealed that two-thirds of IM users always will accept an incoming message, even if they don’t recognize the name of the sender. Phished IMs generally don’t ask the recipient to enter sensitive information directly into the response, as e-mails tend to. Instead, they try to lure users to fraudulent Web sites that keylog such entries, Sakoda says.

“As more people get on IM, there may be more people trying to impersonate others,” says Matt Bushman, IT analyst with Minnesota’s Rochester Public Utilities, which runs Akonix’s IM management and security software. “I, personally, don’t find [IM abuses] to be an issue now, but a year or two from now this could explode.”

For organizations that already manage their IM communications with software from IMlogic, Akonix, FaceTime Communications or others, dealing with this new security threat is rather straightforward. These vendors have added spam- and virus-blocking features on top of their current tools. This adds a layer of security to the tools’ main management functions, which let a company’s users choose any Internet-based IM program and chat with users on competing systems, because currently an MSN user can’t otherwise exchange messages with an AOL user, for example.

In addition to offering virus and spam protection, these management programs give administrators a way to monitor IM use. For example, administrators can be sure that only authorized users are sending and receiving instant messages, because the traffic is funneled through an IM server before leaving the corporate network (see graphic), where messages from unauthorized users can be blocked.

At Amerex, an energy commodity brokerage firm in Houston, 150 users run freely available IM software from Microsoft, AOL and Yahoo. While CIO Brian Trudeau says he was hesitant to allow IM into the company, he figured it would be wiser to condone it so he could manage it, rather than suffer the consequences of rogue usage. “It’s a very hard tool to control, you have to either open it wide up or shut it down,” says Trudeau, who chose the former because brokers at the company find it a useful method of communicating in time-sensitive situations.

Amerex runs IMlogic not only for its security and management features but also so it can capture chat conversations. “We use IMlogic for logging all of our conversations in case one of our brokers messages one of the traders something ... we can run a report ... and clear up discrepancies,” Trudeau says. This logging feature also can be helpful for companies that are regulated when it comes time to audit compliance. ■
Federal contract a sign of telco changes

■ BY CAROLYN DUFFY MARSAN

The federal government next month will launch a 10-year, $20 billion telecom services buy that has attracted the attention of every major U.S. service provider. The so-called Networx deal is important not only for its size but also for leading-edge IP, wireless and managed services that agencies are looking to buy. (See www.nwfusion.com, DocFinder: 6535.)

With Networx, the government plans to buy integrated network packages rather than individual voice, data and video services. Carriers bidding on the deal say Networx is a harbinger of changes in the broader telecom marketplace.

“Obviously we’re bidding on Networx for the revenue. It’s extremely important,” says Bob Collet, vice president of engineering at AT&T Government Solutions. “But I think Networx is also important because it advances us ... as a network integrator as well as a systems integrator. A major component of this deal includes elements of IT services such as hosting and storage and applications integration.”

The General Services Administration’s (GSA) vision for one program that combines telecom and IT services “is a microcosm of our industry,” Collet adds. “Networx is important because it’s a catalyst for us to get there as a whole corporation.”

Run  by  the  GSA,  Networx  will  replace  an 
expiring  series  of  contracts  known  as 
FTS2001.  Sprint  and  MCI  hold  the  main 
FTS2001  contracts,  but  Qwest,  AT&T,  SBC 
and  others  hold  what  are  called  crossover 
contracts  that  let  them  bid  on  federal  jobs. 

The FTS2001 contracts expire in 2007. To replace FTS2001, the GSA plans to award seven contracts under its Networx program, which is divided into two parts: Universal and Enterprise.

Under Networx Universal, service providers will offer 37 domestic and international services, ranging from older frame relay and ATM to IP VPNs and VoIP.

The Networx Enterprise contracts are geared toward smaller, specialized carriers that can’t meet the tougher Universal requirements. Carriers must bid a core set of nine IP and wireless services.

Bids  are  expected  to  be  due  in  July  with 
an  award  date  planned  for  April  2006. 

“One  big  difference  between  FTS2001  and 
Networx  is  that  wireless  services  are  being 
added  for  the  first  time,”  says  Tony  D’Agata, 
vice  president  and  general  manager  for 
Sprint’s  Government  Systems  Division. 


Rigorous requirements

The U.S. government is looking for many leading-edge services on Networx including:

• Converged IP.
• Dark fiber.
• Unified messaging.
• Dedicated and collocated Web hosting.
• Managed security and mobility services.
• Integrated wireless and wireline products.
• Network-based storage.

“There’s  also  a  greater  emphasis  on  security 
items  and  IP-type  services.  IP  is  becoming  a 
major  platform  for  quality  of  service,  class  of 
service  and  converged  services.” 

In addition, Networx demonstrates the government’s increased willingness to buy managed network services rather than network piece parts that agencies manage themselves.

“There are a lot more managed services: managed network services, managed security services and managed mobility services,” D’Agata says. “Government agencies are willing to rely more on industry to provide those capabilities.”

Carriers say that winning Networx will help them develop new capabilities for the commercial marketplace, particularly in security.

“Security under Networx is a huge opportunity,” says Susan Zeleniak, vice president of civilian networks for MCI’s Government Markets Division. “If we can meet the government’s requirements, we’ll be able to meet the commercial requirements.”

Security services requested in Networx are “state of the art,” Collet agrees. “There is a strong flavor of national security and emergency preparedness. Some of the lessons learned during Sept. 11 about continuity of operations are being manifested in Networx.”

However, the aspect of Networx that is attracting the most interest from service providers is IP convergence.

“We’re seeing intense interest across all agencies in VoIP,” says Jim Payne, senior vice president and general manager of Qwest Government Services Division. “All these years we talked about convergence, but now there’s finally a stable product line. ... Qwest is a leader in that. We really have the ability to scale very quickly” to meet the Networx requirement.

For incumbents Sprint and MCI, Networx offers the opportunity to retain a huge and lucrative customer in the federal government. Sprint makes $800 million per year on FTS2001 and its other federal contracts, while MCI makes $1 billion.

“What Networx requires us to do is look out into the future. It’s a 10-year opportunity, and we have to strategically align our various products in such a way that the features that the government requires can be transposed into the commercial market,” says Jerry Edgerton, senior vice president of MCI’s Government Markets Division. ■


MCI-Verizon: A happy ending, but for whom?

In telecom’s version of “The Bachelorette,” at the 11th hour MCI spurned
Qwest’s $8.45 billion proposal last week to go with a sweetened Verizon
offer of $7.6 billion. The markets applauded: Verizon’s shares rose nearly
2% in the first hours of trading (rare for an acquiring company), while MCI
traded to its annual highs. Pundits are beaming. All that’s missing is a
wedding cake and triumphal march.

But hold on. Clearly the Verizon bid is a better offer. But before breaking
out the champagne, you might want to ask two critical questions.

The first is, “Better for whom?” Stakeholders in the deal include both
customers and shareholders. And the deal affects them rather differently.

The second question is, “Better than what alternative?” Verizon and Qwest
clearly believe MCI is worth roughly $8 billion.

That’s debatable. Given the lousy success rate of mergers in general
(HP/Compaq, anyone? How about AT&T and NCR?), it’s possible that Verizon
might have done better plowing that capital into its own network and
services, while aggressively cherry-picking MCI’s customers. Qwest, on the
other hand, was pretty much out of options: With declining revenue,
ballooning debt and less than $2 billion in the bank, the company needed
MCI’s revenue base as much as MCI needed its stability.

Meantime, there’s no debate that mergers bring upheaval, churn and customer
dissatisfaction. Verizon says it will reduce costs by laying off 4,000
workers from the combined company. What happens to the customers they would
have been serving while those about-to-be-fired employees polish their
resumes? If history’s any judge, the answer isn’t pretty.

Which brings us to the first question: For whom, exactly, is this deal a
happy ending?

Clearly,  for  MCI’s  shareholders,  the  deal  is 
great  news.  Verizon  can  do  more  for  MCI 
than  Qwest:  It  already  has  committed  to 
plowing  $3  billion  of  badly  needed  capital 
into  MCI’s  infrastructure,  something  Qwest 
couldn’t  have  hoped  to  accomplish. 


For  Verizon  shareholders,  the  jury’s  out.  If 
the  deal  succeeds,  it  will  have  been  a  good 
thing.  But  we  won’t  know  until  we  get  there. 

As  for  customers,  here’s  the  big  problem. 
The  top  U.S.  telcos  are  SBC,  Sprint, Verizon, 
AT&T  and  BellSouth,  with  MCI  and  Qwest 
arguably  the  struggling  underdogs. 

Guess what? This deal means the only strong player that’s not involved in a
merger is BellSouth — which doesn’t have much of a national presence. That
means that telecom managers looking to safeguard their services by issuing
competitive RFPs have basically three options: SBC/AT&T, Sprint/Nextel and
Verizon/MCI — nobody that’s not actively merging, and one fewer than if
Verizon remained a standalone alternative.

Hate to tell you, guys, that’s not a good thing. When all your suppliers are
in the throes of “merger hell,” service tends to go ... well, you know
where. So while everyone else is breaking out the champagne, telecom
managers probably should stock up on the Pepto-Bismol.

Johnson is president and chief research officer at Nemertes Research, an
independent technology research firm. She can be reached at
johna@nemertes.com.

NetWorker


SERVICES  AND  STRATEGIES 
FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


McKesson teleworks nursing care


■  BY  TONI  KISTNER 

Whether nurses work in hospitals, private practice or dispense medical
advice over the phone, they are social animals, caregivers. At the call
centers of McKesson Health Solutions, nurse-agents are quick to celebrate
birthdays and organize potluck dinners — developing strong bonds with
colleagues.

So when McKesson Health Solutions asked its 400 call center RNs about
working from home in 2003, it got a mixed message. While interest was very
high, and 40% of the nurses already had the required broadband connection,
only 15 nurses signed up for the pilot program. Despite some early reticence
and a few technology hurdles, McKesson’s Work@Home program is thriving, and
yields the company impressive cost savings.


■ EarthLink has announced a VPN service for its small-business customers.
Based on the managed VPN services platform from Positive Networks, EarthLink
VPN offers client- and Web-based access to data and applications on the
corporate network. Features include centralized management, endpoint
monitoring, policy enforcement and automated anti-virus updates and patches.
Pricing starts at $100 per month for a three-user license.

■ Buffalo Technology has teamed with Tanagra to bundle a trial version of
Tanagra’s back-up software Memeo with its DriveStation, LinkStation and
TeraStation storage devices. (Current customers can download the software
from the Web site.) Memeo lets users securely store, track, search and share
data files such as music, photos, and presentations. File updates are
automatically saved to the storage device; when changes are made to a file
when disconnected from the device, Memeo updates the file automatically upon
reconnection. Available in June, the Memeo trial version lasts for 30 days
and then costs $29.95.

McKesson’s goals were specific: The division of the Fortune 12 corporation
wanted to reduce call center nurses’ hourly wage (at-home nurses would make
20% less), increase its pool of applicants in new geographic areas and
reduce its real estate footprint.

The division, based in Broomfield, Colo., has call centers in several
states, mostly in the West. It conducts two services: inbound triage, where
people call about a health problem, and outbound support, where nurses
monitor patients with chronic health problems such as diabetes. The latter
service is growing considerably. As McKesson wins contracts with state
Medicare and Medicaid agencies, it needs to hire nurses in those states.
This is because state agencies are pushing to increase local jobs and
provide callers with an agent of similar geography and accent.

When McKesson won the Mississippi Medicare contract, it spent $400,000 to
set up a call center in Jackson. “We were looking at spending that much in
each state. Now we don’t have to,” says Mike Modiz, vice president of
operations and strategic projects. “We have a call center in Dallas, but
we’re more successful recruiting Spanish-speaking nurses in San Antonio and
Houston. So we could hire them straight into the home, avoiding that cost.”

Initially McKesson nurses provided their own PC and broadband connection;
the firm provided the softphone and a $300 ergonomic chair. When nurses log
on to the Citrix Secure Gateway and launch the softphone, the voice system
calls their dedicated landline, “nailing up” a connection. McKesson says it
relies on custom-built applications and E-Quality, a data and voice
monitoring system from Witness Systems. Nurses also rely on the secure
messaging application Jabber.

“I loved working in the call center,” says Evette San Nicolas, a single
mother living near Denver. “So when I first came home, I suffered from
withdrawal. But I wouldn’t want to go back. When my kids are sick, I’m here.
On my break, I make them lunch.”

Health Insurance Portability and Accountability Act regulations require
that patient information not be viewable by anyone other than the nurse, but
McKesson lets nurses work in a shared area and when family members are home.

“We’re adults, we can manage our life, we can manage our work,” says Kim
Kenote, a nurse and instructor who works from home in the Chicago area.
“Some nurses put signs on the front door saying ‘I’m working.’ Others tell
their kids, ‘Don’t bother Mommy unless you’re bleeding.’ It’s OK to have
family around so long as they don’t disrupt the work environment.”


Budget boost

McKesson Health Solutions’ Work@Home program thus far has transitioned 175
of its 400 call center agent nurses to home offices, yielding these results:

• 20% labor rate reduction for Work@Home agents compared with call center
agents.

• 10% productivity increase overall of Work@Home agents compared with call
center agents.

• 6% attrition rate for Work@Home agents vs. 29% attrition rate for call
center staff.

• 50% reduction in floor space in two locations; 20% reduction in a third.

• $500,000 avoided in lease costs during project's first year (2003).

Elana Bluestone, a 24-year hospital veteran who works in the Denver area,
doesn’t miss the call center. Her husband, an artist, also works from home
and “rubs my shoulders and brings me tea,” she says.

Each call center provides two hoteling spots for at-home nurses who
occasionally work in the office. Many have used them to ease the transition.

But just as nurses were settling into their new roles, McKesson corporate
expressed security concerns — not about exposing network data but about
delivering virus updates to remote systems. The IT department outfitted the
at-home nurses with a Wyse thin client running Microsoft XP Embedded, a
Linksys router and KVM switch for toggling between work and home systems.

McKesson also is testing Rapport, a Wyse program that provides remote
management. “Right now, the client configurations are static. But with
Rapport, we’ll be able to push [operating system] updates to the thin
clients,” says Kurt Bergman, manager of field technical services.

For redundancy, calls are routed to two data centers in Colorado and
California.

“Having agents buy their own broadband connections gives us some
disaster-recovery protection because we haven’t spread our network over one
vendor,” Modiz says.

There is a downside to this approach. “Ninety-plus percent are working just
fine. But some nurses have been using very cheap DSL service, the kind
providers usually advise shouldn’t be used for telework. It goes down a
lot,” Bergman says.

Nurses must use cable or DSL. Some who can’t get either are paying double
for ISDN. Bergman admits, “We need to put some definition around [the
broadband policy]. We’ve been so focused on the core infrastructure, it’s
time to consider a wider range of options.”

A downed connection is a nurse’s responsibility, says Linda Casey, Work@Home
operations and workforce manager at McKesson. “If your car breaks down, you
don’t expect the company to fix it.”

Today most of the recruiting and training of new hires is done remotely,
although Casey brings them into their proximate regional offices for two
days of “McKessonizing.” “We need to create a relationship and a bond,” she
says.

Nurses follow up with four weeks of training — a mix of group Web
conferencing sessions and self-study lessons. “We’ve learned to spread out
the tech training, otherwise, it’s overwhelming,” Casey says.

While McKesson’s initial goal was to transition 50% of its nurse-agents
home, it’s since upped that goal to 70%, and promises to send every
nurse-agent home who wants to go. Modiz has no plans to close all the
centers. Many nurses prefer the call center or see it as a path to
advancement. And McKesson still needs to showcase brick-and-mortar call
centers to clients — although it does let interested clients visit an
agent’s home. ■

AN INSIDE LOOK AT
TECHNOLOGIES AND STANDARDS


BPEL  standardizes  process  management 


HOW  IT  WORKS 


Business  Process  Execution  Language 

BPEL  is  a  programming  language  that  lets  developers 
create  programs  that  automate  interactions  between 
Web  services.  The  diagram  below  shows  BPEL’s  role  in 
service-oriented  architecture. 


With the underlying layers in place, BPEL lets developers write high-level
programs that automate business activities. This automation of interaction
between Web services is commonly referred to as Web service orchestration.

Companies will need a common mechanism (often called a service bus) for
centralized management and monitoring of enterprise Web services.

Web services deployment lets companies maximize their IT assets and mask the
underlying complexity. Building reusable Web services often requires a range
of integration and automation technologies and languages.

■ BY STEPHEN HOOD

Business process management provides a graphical approach to automating and
monitoring business activities, integrating enterprise applications and
managing manual tasks. Historically, BPM products have utilized their own
proprietary process languages, design tools and engines. Now that BPM is
considered a key aspect of service-oriented architecture, the lack of an
industry standard is a significant problem.

An upcoming standard called Web Services Business Process Execution Language
(BPEL) is an important step toward addressing this concern.

Originally co-written by BEA Systems, IBM and Microsoft, and currently under
review and revision by the Organization for the Advancement of Structured
Information Standards, BPEL has attracted a lot of attention and industry
backing.

Slated for completion by year-end, BPEL should encourage the adoption of BPM
and SOA technologies by companies that have hesitated because they were
concerned about portability and protecting their investment. It also should
result in the proliferation of new products and solutions, giving buyers
newfound levels of flexibility and freedom in choosing tools and platforms.


Got great ideas?

■ Network World is looking for great ideas for future Tech Updates. If you
want to contribute a primer on a specific technology, standard or protocol,
contact Amy Schurr, senior managing editor, features (aschurr@nww.com).

BPEL is a programming language written in XML. With BPEL-based visual
process design tools, developers will be able to use drag-and-drop diagrams
to create programs that automate interactions between Web services. This
activity is often referred to as Web service orchestration. The processes
can range from simple to complex, and they can talk to Web services running
on any platform, such as Java 2 Platform Enterprise Edition and .Net.

It is important to note that BPEL can only talk to Web services; Web service
orchestration is all it does. It is not intended to integrate with resources
that do not offer a Web service interface (such as legacy or custom
applications). It is expected that BPEL often will be extended with other
languages, such as Java, and paired with other technologies to address these
needs.

BPEL is well positioned to take advantage of a significant and timely IT
trend: SOA, a standards-based organizational and design methodology that
more closely aligns IT with business processes. Using standard interfaces
and shared Web services that help mask the underlying technical complexity
of IT environments, SOA enables greater re-use of IT assets. This can result
in more rapid development, and more reliable delivery of new and enhanced
business services.

Once a corporation has built up a library of reusable Web services, BPEL
will make it fairly straightforward to tie these services together into new
applications. But these services will still have to come from somewhere; IT
will need to build, expose and manage these services.

Because BPEL assumes that everything is exposed as a Web service, it won’t
always help solve these latter problems. A range of other technologies will
continue to be relevant for this purpose and in completing the SOA stack. A
few examples are enterprise application integration products — which can
handle the sticky data and integration problems — and service bus products,
which will provide centralized management and monitoring of a corporation’s
Web services.


Just as BPEL is the first step in BPM standardization, it also is just one
of several technologies that eventually will make up most SOA deployments.

While there have been previous attempts at creating a standardized business
process language, BPEL has attracted an unprecedented level of interest and
is the first to gain critical mass among software vendors.

Hood is product manager for BPM at BEA Systems. He can be reached at
shood@bea.com.


Dr.  Internet 


By  Steve  Blass 


Is there a free Web photo-album generator that indexes document files in
addition to pictures?

There are many Web album-generator packages, but the one I like is JAlbum, a
free Java application with versions for Macintosh and Unix systems. JAlbum
indexes zip files, Word documents, PDF files and images when you create an
album. Other file types can be added to the list of items included in an
album listing by modifying the filetypes.xml file included with the program.
To use JAlbum, download and install the package for your operating system
from www.jalbum.net. After starting the program, drag and drop the directory
from which you want to make an album onto the Image Directory field in the
JAlbum dialog and click the Make Album button. The program creates an
HTML-based Web album directory that contains thumbnails and full-sized
images suitable for copying to your Web site. Viewing the album online
requires only a browser. Java is not required for working with the finished
album. JAlbum provides several skins to choose from for your album pages,
and there are several options that let you customize the layout.

Blass is a network architect at Change@Work in Houston. He can be reached at
dr.internet@changeatwork.com.


4/4/05  Technology  Update 


A Swiss Army-type CD/DVD kit

Mark


This week we have the CD/DVD equivalent of a Swiss Army knife: The
VirtualDrive Utility & Burning Suite from Farstone (details at
www.nwfusion.com, DocFinder 6530), which, for the sake of brevity, we shall
refer to as “Vdbs.”

Vdbs is, as they say in the marketing biz, “feature packed!” It lets you
access images of CDs and DVDs stored on your hard drives or on the ‘Net,
will create a “virtual hard drive” (aka a RAM disk) for disk-intensive work
and exact copies of CDs and DVDs, and allows you to compile and burn CDs and
DVDs.

The CD emulation facility is particularly cool. We’ve played with other CD
drive emulators but Vdbs seems to be the most flexible and stable we’ve come
across. The installation process adds a new device driver that provides the
drive emulation. You can configure up to 23 virtual drives, which also can
be defined as Windows shares.

All Vdbs functions are accessed as options of a common control panel
application called VirtualDrive Utility & Burning Suite.

CD emulation management is done through the VirtualDrive Manager option.
This displays a list of real and virtual drives as well as “cabinets” —
collections of CD and DVD images stored in Farstone’s VCD format.

You can import ISO disk images as VCD files — a process so fast that we
suspect the difference between Vdbs’ own uncompressed VCD format and ISO
format is minimal. (However, it is a shame that Farstone chose the extension
VCD for its format, as there is a CD format — Video Compact Disk — which
uses the same extension name.)

Uncompressed VCD-formatted files can be converted to ISO images, but
obviously there’s a benefit to compression for certain types of content. We
tried imaging the Microsoft Office Professional Edition 2003 CD to Vdbs’ VCD
compressed format and saw a compression of less than 6%, which we suspect is
caused by the already compressed content on the disk. On the other hand, for
music and data disks we imaged, we saw compressions of 20% to 30%.

When you image a CD you also can define which program is to be automatically
executed when the virtual disk is opened, a facility useful for disks that
aren’t set up for normal “autorun” operation.

VirtualDrive Manager lets you insert or remove a VCD image into or from a
virtual drive, and browse the VCD image contents (note that you can’t copy
or change anything in the image using VDM — you’ll have to use the virtual
drive to copy content). Using VDM, you also can back up VCD images to real
CDs and DVDs, protect them with passwords and delete them.

All  this  and  we  haven’t  even  begun  to 
cover  what  you  can  do  with  burning  CDs 
and  DVDs!  This  CD/DVD  burning  option  is 
accessed  through  the  VirtualDrive  Utility  & 
Burning  Suite. 

It lets you make CDs, DVDs and audio CDs, clone CDs and DVDs, or back up
your hard disk to CD or DVD media. The media choices available are CD-R
(185M, 210M, 650M or 700M bits), DVD-R (4.7G bit), DVD+R (4.7G bit), CD-RW
(185M, 210M, 650M or 700M bit), DVD-RW (4.7G bit), DVD+RW (4.7G bit), and
DVD-RAM (4.7G bit). Of these formats, CD-RW, DVD-RW, DVD+RW and DVD-RAM are
all re-recordable.

There’s support for mixed-mode and CD-extra formats, which combine audio and
data tracks for multimedia content, multi-session CDs, MP3 CDs and UDF CDs
(Universal Disk Format — see DocFinder: 6531 for an excellently geeky
explanation of UDF vs. ISO format).

The final feature of Vdbs we need to cover is the virtual hard drive or RAM
disk facility (called VHD by Farstone). This is a fairly sophisticated
implementation that lets you create a RAM disk as large as available memory
permits and save it on shutdown or in real time to a disk image file.

Farstone gave this feature a futuristic console interface that is different
from any other facility in the suite for no apparent reason.

This  is  one  of  our  few  complaints  other 
than  an  issue  that  might  be  peculiar  to  our 
test  machine:  Installing  Vdbs  onto  a  drive 
other  than  C  caused  the  program  to  fail 
without  any  explanation.  Installing  on  the 
C  drive  solved  the  issue,  and  since  then  the 
suite  seems  solid  and  reliable. 

Our overall impression of this suite is very positive. The CD/DVD burning is
excellent and only bettered by Nero 6 (DocFinder: 6532). That said, the
virtual CD drive feature is by far the best we’ve found. For $60 per seat,
this is a great piece of software!

You can write and be read at gearhead@gibbs.com or on Gearblog
(www.nwfusion.com/weblogs/gearblog).


Cool tools

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Targus  ships  docking  station  for  notebooks,  tablets 

Targus  recently  launched  a  USB-based  docking  station 
for  notebooks  or  tablet  PCs  that  includes  video  output 
and  stereo  audio  output. 

The  $150  Universal  Notebook  Docking  Station  With 
Video  device  includes  two  USB  ports  that  are  “always  on,” 
which  means  users  can  power  peripherals  such  as  cell 
phones  and  MP3  audio  players  even  when  the  notebook 
is  in  stand-by  or  shutdown  mode. 

The video output feature lets users connect a CRT or LCD monitor directly to
the docking station without adding another cable connection, Targus says.
The device includes three viewing modes once a monitor is connected: primary
(external monitor as the primary display); extended (notebook screen and
external monitor used in combination to provide a larger overall desktop
area); or mirror video (replicates the notebook screen onto the external
monitor). When connected to the docking station, the notebook adds four USB
2.0 ports, a video monitor port, 10/100M bit/sec Ethernet, serial port,
stereo audio-out jack and microphone-in jack.

The device weighs 13 ounces and measures 10.6 by 3 by 2 inches. Its wedge
design aims to increase comfort when typing and improve airflow for better
cooling. The system supports notebooks with integrated USB 2.0 and Windows
2000 or XP operating systems. More details are available at the Targus Web
site.


Epson  expands  lightweight  LCD  projector  line 

Epson has announced two new models in its PowerLite line of
lighter-than-4-pound LCD projectors: the PowerLite 732c (3.8 pounds, $1,900)
and the wireless PowerLite 737c (3.9 pounds, $2,100). The new models will be
available this month through Epson sales channels.

Each  projector  has  up  to  2,000  lumens  of 
brightness  and  measures  7.6  by  10.9  by 
2.7  inches. 

The PowerLite 737c includes 802.11g wireless LAN connectivity that lets
users upload or run a presentation without connecting any cables. The system
supports Apple’s Keynote presentation software, and supports both
Lightweight Extensible Authentication Protocol (LEAP) authentication and
Wired Equivalent Privacy/Wi-Fi Protected Access for encrypted wireless
transmissions. Epson says the projector’s firmware also lets users run
PowerPoint presentations and MPEG-2 videos, without using a PC, through a
built-in PC card slot or USB port.

Other  features  include  quick  start-up  and  shutdown  (7 
seconds  before  a  picture  shows  up  and  only  20  seconds 
of  shutdown  time  and  cooling  required),  a  1.2x  optical 
zoom  lens  and  a  verification  tone  that  sounds  whenever 
the  power  on/off  button  has  been  selected. 

HP  redesigns  Media  Center  PCs 

HP last week launched new products, including a new design for its Pavilion
and Media Center Desktop PCs, and notebooks.


The models announced include the Pavilion d4000 desktop, the a1000 desktop
(desktops start at $380 after rebates, depending on whether users buy
off-the-shelf or customized models), and the HP Media Center m7000 Series
Photosmart PC (pre-configured availability in April, customized models due
in May, pricing is not yet available).

The new desktop PCs are designed to make digital entertainment and digital
photography easier for users, the company says. For example, one of the
models includes a removable docking station located on top of the PC chassis
to allow for a quick connection to an HP R-series digital camera or the HP
version of the Apple iPod.

The company also announced new notebooks — the Pavilion zv6000 series and
Compaq Presario R4000 series will be available this month, and include
Advanced Micro Devices Athlon 64 processors, ATI Radeon Xpress 200M
integrated graphics (up to 128M bytes of memory), and 15.4-inch widescreen
displays. The notebooks are priced starting at $800 after rebates, depending
on configuration.

The company also announced new monitors and a new mouse. The VS Series of
flat panel monitors (starting at $230 after rebates) include 15-, 17- and
19-inch versions, and come with built-in speakers, an anti-glare surface and
streamlined cabling for easier connections. The HP Optical Mouse ($50)
includes five programmable buttons for Microsoft Office functions, and is
designed for left- or right-handed users.

Shaw  can  be  reached  at  kshaw@nww.com. 


Epson's PowerLite LCD projectors feature 2,000 lumens of brightness. The
units weigh less than 4 pounds and fit easily in a briefcase.

IBM’s approach to blocking spam

■  BY  MICHAEL  OSTERMAN 

IBM recently introduced an anti-spam filter that it calls Fair Use of
Unsolicited Commercial E-mail (FairUCE).

The technology compares the address of an e-mail with the domain and IP
address from which the e-mail was supposedly sent. If these do not match up
— which will occur if an e-mail address is spoofed or sent from a zombie
computer — the e-mail will be treated as suspect.

Suspect e-mail then will be sent a reply using a challenge/response system.
Potentially valid e-mail will be processed through conventional whitelists
and blacklists and the sending domain’s reputation will be checked using a
WHOIS lookup that determines how long a domain had been active on the date
it first sent e-mail to a recipient. IBM indicates that a future iteration
of FairUCE will incorporate a more refined domain reputation system. Future
versions of FairUCE will incorporate a sender identification system,
possibly Sender Policy Framework, and e-mail from SPF-enabled domains would
not be challenged.

FairUCE  runs  only  on  Postfix  on  Linux 
servers,  although  Sendmail  and  QMail  are 
also  being  considered  for  future  versions 
of  the  filter. 

FairUCE  is  designed  to  prevent  spoofing 
and  phishing.  The  filter  is  being  marketed 
as  a  more  efficient  method  of  blocking 
spam  because  by  verifying  sender  identity, 
spam  filtering  can  be  more  efficiently  per¬ 
formed,  less  bandwidth  can  be  consumed 
and  less  processing  is  required  than  for 
spam  filtering  techniques  that  scan  mes¬ 
sage  content. 

As I see it, FairUCE will be useful in reducing the amount
of spam that reaches messaging users. However, there are
three problems with the approach.

First, challenge/response systems are not for everyone —
legitimate senders who receive a challenge might not
respond. For customer-facing organizations that receive
orders, inquiries and the like via e-mail, not receiving
these customer communications simply because the sender
doesn’t like a challenge poses a serious risk.

Second, the current domain reputation system simply looks
up a domain’s age at the point it first sends e-mail to a
recipient. While many spammers sign up for a domain and then
immediately blast e-mails from it, older domains can do the
same thing, making this form of domain reputation analysis
less than optimal.

Third, if email comes from a zombie, it will receive
challenges, resulting in lots of email being sent back to
the unwitting victims of the Trojan horse that made their
computers zombies in the first place.

Overall, FairUCE should be a useful tool, but the
enhancements that IBM is planning — such as support for a
wider variety of message transfer agents and better
domain reputation analysis — will make FairUCE more useful.


Osterman is the principal of Osterman Research, a market
research firm that helps organizations understand the
markets for messaging, directory and related products
and services. He can be reached at
michael@ostermanresearch.com.
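The triage flow the column describes, and two of the weaknesses it points out, as an added sketch that is not IBM's FairUCE code. The domain-to-network table, the per-address lists, the 30-day age threshold, the "hold" verdict and all sample messages are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network

# Constructed sample data (RFC 5737 documentation networks, reserved example domains).
# How a real filter learns which addresses belong to a domain is not described in
# the column; this static table is an assumption standing in for that lookup.
DOMAIN_NETWORKS = {
    "example.com": [ip_network("192.0.2.0/24")],
    "example.org": [ip_network("198.51.100.0/24")],
    "fresh.example": [ip_network("203.0.113.0/28")],
}
# Stand-in for the WHOIS lookup of a domain's registration date (constructed values).
DOMAIN_REGISTERED = {
    "example.com": date(1998, 3, 1),
    "example.org": date(2001, 6, 15),
    "fresh.example": date(2005, 3, 28),
}
WHITELIST = {"orders@example.org"}   # assumed to be per-address lists
BLACKLIST = {"bulk@example.com"}
MIN_DOMAIN_AGE_DAYS = 30             # assumed threshold; the column gives no figure


@dataclass(frozen=True)
class Message:
    envelope_from: str   # claimed sender address
    client_ip: str       # address of the host that delivered the message
    received: date


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def ip_matches_domain(domain: str, client_ip: str) -> bool:
    ip = ip_address(client_ip)
    return any(ip in net for net in DOMAIN_NETWORKS.get(domain, []))


def triage(msg: Message) -> str:
    """Return 'challenge', 'reject', 'accept' or 'hold' for one message."""
    sender = msg.envelope_from.lower()
    domain = sender_domain(sender)
    # Step 1: claimed address versus the network the message really came from.
    if not ip_matches_domain(domain, msg.client_ip):
        return "challenge"
    # Step 2: conventional lists.
    if sender in BLACKLIST:
        return "reject"
    if sender in WHITELIST:
        return "accept"
    # Step 3: domain age on the day the message arrived.
    registered = DOMAIN_REGISTERED.get(domain)
    if registered is None or (msg.received - registered).days < MIN_DOMAIN_AGE_DAYS:
        return "hold"
    return "accept"


def challenge_targets(messages):
    """Addresses that would be sent a challenge. For a forged sender this is the
    impersonated mailbox owner, not whoever controls the sending host."""
    return [m.envelope_from for m in messages if triage(m) == "challenge"]


TODAY = date(2005, 4, 4)
SAMPLE = [  # constructed messages
    Message("alice@example.com", "192.0.2.25", TODAY),      # genuine sender
    Message("alice@example.com", "203.0.113.200", TODAY),   # forged, sent by a zombie
    Message("promo@fresh.example", "203.0.113.5", TODAY),   # week-old domain
    Message("bulk@example.com", "192.0.2.77", TODAY),       # blacklisted address
    Message("news@example.com", "192.0.2.80", TODAY),       # old domain: age check passes
    Message("orders@example.org", "198.51.100.9", TODAY),   # whitelisted address
]

if __name__ == "__main__":
    for m in SAMPLE:
        print(f"{m.envelope_from:22} {m.client_ip:15} -> {triage(m)}")
    print("challenges go to:", challenge_targets(SAMPLE))
```

The fifth message shows why domain age alone says little about intent, and the challenge list shows the reply to the forged message landing in the mailbox of a user who never sent it.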
Two-factor authentication: too little, too late?

Two security experts debate whether two-factor authentication can handle today's network attacks.

Yes, by Bruce Schneier, Counterpane

No, by Joe Uniejewski, RSA Security


Recently I published an essay arguing that two-factor authentication is an ineffective
defense against identity theft (see www.schneier.com/essay-083.html).
For example, issuing tokens to online banking customers won’t reduce fraud,
because new attack techniques simply ignore the countermeasure. Unfortunately,
some took my essay as a condemnation of two-factor authentication
in general. This is not true. It’s simply a matter of understanding the threats and the attacks.

Passwords just don’t work anymore. As computers have gotten faster, password guessing
has gotten easier. Ever-more-complicated passwords are required to evade password-guessing
software. At the same time, there’s an upper limit to how complex a password
users can be expected to remember. About five years ago, these two lines crossed: It is no
longer reasonable to expect users to have passwords that can’t be guessed. For anything
that requires reasonable security, the era of passwords is over.

Two-factor authentication solves this problem. It works against passive attacks: eavesdropping
and password guessing. It protects against users choosing weak passwords,
telling their passwords to their colleagues or writing their passwords on pieces of paper
taped to their monitors. For an organization trying to improve access control for its employees,
two-factor authentication is a great idea. Microsoft is integrating two-factor authentication
into its operating system, another great idea.

What two-factor authentication won’t do is prevent identity theft and fraud. It’ll prevent
certain tactics of identity theft and fraud, but criminals simply will switch tactics. We’re
already seeing fraud tactics that completely ignore two-factor authentication. As banks
roll out two-factor authentication, criminals simply will switch to these new tactics.

Security is always an arms race, and you could argue that this situation is simply the cost
of treading water. The problem with this reasoning is it ignores countermeasures that permanently
reduce fraud. By concentrating on authenticating the individual rather than
authenticating the transaction, banks are forced to defend against criminal tactics rather
than the crime itself.

Credit cards are a perfect example. Notice how little attention is paid to cardholder
authentication. Clerks barely check signatures. People use their cards over the phone
and on the Internet, where the card’s existence isn’t even verified. The credit card
companies spend their security dollar authenticating the transaction, not the
cardholder.

Two-factor authentication is a long-overdue solution to the problem of passwords.
I welcome its increasing popularity, but identity theft and bank fraud
are not results of password problems; they stem from poorly authenticated
transactions. The sooner people realize that, the sooner they’ll stop advocating
stronger authentication measures and the sooner security will actually improve.

Schneier is CTO of Counterpane Internet Security and author of
Beyond Fear: Thinking Sensibly About Security in an Uncertain
World. You can read more of his security writings at
www.schneier.com.


Every day, two-factor authentication — ATM-style identification combining the
use of something you know (a password) with something you have (a token)
— proves itself to be an essential part of broad-based information security systems,
mitigating multiple threats, and protecting identities and information
assets. While never claiming to be information security’s silver bullet, strong
two-factor authentication plays a crucial role in protecting vital data.

In the fight against Internet crime, the static password is the user’s worst enemy. Two-factor
authentication eliminates the risk of most phishing attacks, which rely on the mass harvesting
of identity and account information for “replay” later. Two-factor authentication also
prevents user impersonation through guessed passwords or with passwords harvested
from other sites — a prominent issue today as users struggle to manage multiple passwords
across various online accounts. To suggest that two-factor authentication is useless
because it doesn’t directly prevent real-time man-in-the-middle attacks — in which the
attacker sets up a fake Web site to which he lures users who then unwittingly enter their
personal information — implies there is a fix-all solution that will solve the problem.

Users need a convenient, reliable way of recognizing when it’s safe to provide a credential
to an application, and of verifying that the application is authentic. Along these
lines, RSA Security has been exploring new ways in which the browser and operating system
interfaces for user authentication can be strengthened. We are working with other
leaders in the industry to raise the standard for authentication interfaces and, in particular,
the protocols for authentication exchanges with Web sites. These improvements, along
with protections against various forms of malware, will go a long way toward addressing
the legitimate concerns raised by man-in-the-middle attacks. More importantly, they will
help to ensure ongoing consumer confidence in e-commerce.

Strong two-factor authentication has proven itself to be a highly effective means of protecting
corporations and individuals from a multitude of cybercrimes, in both business-to-business
and consumer applications. In conjunction with the other developments outlined
above, two-factor authentication is more necessary today than ever — the reason
why organizations such as the National Institute of Standards and Technology, the Federal
Deposit Insurance Corp. and Microsoft have identified it as the way forward. The
idea that it does nothing to protect against identity theft is not just incorrect —
it’s recklessly defeatist. Like a doom-merchant advocating there is no point in
locking your front door if you live in a war zone, detractors are missing the
obvious point that there are dozens of threats out there — and no one solution
will prevent them all.

Let’s work together to ensure the promise of trustworthy online commerce
— and direct our strongest response at those who are capitalizing on current
security weaknesses, rather than those who are investing in
fixing them.

Uniejewski is CTO and senior vice president of corporate development
at RSA. He can be reached at juniejewski@rsasecurity.com.
John Dix

Reshaping the telecom landscape

Although hurdles remain, it seems likely that Verizon
will finally succeed in its bid to acquire MCI, culminating
a frenzied period of industry consolidation
that, while painful in the short term, will lead to stability
and innovation.

MCI last week accepted Verizon’s latest bid of $7.6 billion
and rejected an overture from Qwest for almost $1
billion more, saying Verizon was a better strategic fit. The
merger will create a powerhouse with some $90 billion in
revenue, a sophisticated national network supporting a
range of enterprise services and a territory rich in global
corporations.

It will be a strong competitor to Sprint/Nextel, which
inked a merger deal late last year, and to SBC, which
recently scooped up AT&T for $16 billion to form a company
with roughly $70 billion in revenue.

The  value  of  these  deals  reflects  the  economics  at  work 
in  the  troubled  long-distance  business.  For  $7.6  billion, 
Verizon  is  acquiring  a  company  that  had  revenue  last 
year  of  $21  billion,  while  for  $16  billion  SBC  takes  home 
AT&T,  which  had  $30  billion  in  2004  sales. 

Of course neither MCI nor AT&T turned a profit last
year, with MCI posting a loss of $3.2 billion and AT&T ending
the year $9.5 billion in the hole (both companies
have roughly $6 billion in debt). What’s more, the top line
numbers for both companies have been trending in the
wrong direction for several years — MCI revenue last year
was down 15% compared with 2003, while AT&T sales
were off 9%.

It is clear the current long-distance model couldn’t survive
anymore, so ultimately consolidation is good for the
industry and good for the buyer.

While some analysts question if the reduction in the
number of players will result in increased prices, it seems
more likely that a handful of national, viable, similarly
equipped competitors will fight like the dickens for big
business. What’s more, the expanding reach of the big
guys might make it possible to consolidate some contracts
and get bigger discounts.

Longer term, the fact that these deals are reshaping the
landscape probably will demand the rethinking of core
telecom regulations and perhaps a significant reduction
in those regulations, moving telecom closer to true market
competition.

All  this,  of  course,  is  ignoring  the  short-term  headaches 
and  problems  that  will  result  from  these  mega-mergers. 
The  next  two  years  will  be  painful.  But  once  the  digestion 
is  completed,  we  can  expect  serious  competition  to 
ensue  and  more  emphasis  on  innovation. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


www.nwfusion.com 


opinions 


Tip of the iceberg

I wonder if other readers are as surprised as I am by
the huge media buzz surrounding the ChoicePoint
security breach (www.nwfusion.com, DocFinder:
6525). The number of consumers reportedly compromised
by ChoicePoint (145,000) is barely more
than a quarter of the number whose insurance
records (name, address, phone number, Social
Security number and medical claim data) were
stolen in 2002 from Arizona-based TriWest
Healthcare Alliance. Many of those 550,000 victims,
from 16 states, were military personnel. (For the
record, I am currently an expert witness for victims
in the TriWest case who are pursuing a negligence
claim against the company.)

There have been other cases, as well, with big
numbers of consumers compromised, but they
didn’t seem to generate as much concern as
ChoicePoint. Perhaps the public finally is waking
up to the fact that some companies are making a
lot of money off of mining their data, without making
a commensurate investment in data protection.
We probably will see more breaches like ChoicePoint,
and more state and federal regulation of
companies holding consumer data.

Stephen  Cobb 
St.  Augustine,  Fla. 

E-mail letters to jdix@nww.com or send them to John Dix, editor in
chief, Network World, 118 Turnpike Road, Southborough, MA 01772.
Please include phone number and address for verification.

VoIP cost savings

Chuck Yoke’s column “‘86’ the VoIP cost savings”
(DocFinder: 6526) was a real eye-opener for a lot of
IT managers in the midst of moving to VoIP. His
statements are in line with the experience of my
company’s customers that have already implemented
VoIP. Our experience specifically relates to
fax equipment on VoIP.


Two cases specifically stick out in my mind. Both
companies are large, publicly traded firms with an
army of network and telephony specialists. Both
frantically called us in the middle of the VoIP conversion
to say their fax machines no longer worked.
Let’s think about this scenario for a moment. You are
trying to take the digitally processed data from a fax
machine, which then converts it to analog to be
transmitted over plain old telephone service. You
then route that into a device to convert the analog
signal into a digital signal to be transmitted over a
latency-prone IP network with packets traveling multiple
routes to the same destination, through who
knows how many routers, to go through the same
conversion at the other end and still fake out the
equipment at both ends to think it is still on an analog
phone line. If you think that sounds close to
impossible, you would be in good company with the
fax machines. All this cost saving by putting in VoIP
gets eliminated in a big hurry on those fax lines. The
faxes have to be slowed down to less than half of
their potential speed, in addition to several other
tricks not supported by all fax equipment manufacturers.
Needless to say, a lot of time and money gets
spent adjusting what you have or replacing it, not to
mention the additional time it will now take to send
that fax. If your cost per minute is half over VoIP but
it takes three times as long to send a fax, where are
the savings?

The worst part is that both customers have fax
equipment capable of sending transmissions natively
over IP digital transmission end to end. Unfortunately,
they are too busy with the VoIP project to
entertain implementing the new fax-over-IP technology.
I only hope Network World readers can learn a
few of the VoIP caveats so their rollouts may
approach the savings they anticipate.

Glenn  Plank 
Systems  engineer 
FaxWorld 
Huntington  Beach,  Calif. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  6524 
LIPPIS ON COMMUNICATIONS

Nick Lippis

Chief security officers lose clout

Chief security officers are starting to lose
their executive management influence.
The chief security officer position became
popular after Sept. 11, 2001, when many
CEOs and boards made security and business
continuity, rightfully, their top priority. Many of
these newly appointed chief security officers
had physical security or law enforcement backgrounds, rather than
technical or business backgrounds, limiting their interaction with executive
management to security policy and status updates on vulnerability
assessments. In short, chief security officers often have little to offer
at board meetings, when business strategy, revenue growth and productivity
enhancement are discussed. Instead, they are subservient to
the CIO, who is often key to fulfilling corporate initiatives and achieving
business goals.

Many chief security officers were put in place primarily as a means
for CIOs to “CYA” (as in Cover Your A**). That is, if something on the
security front blows up, the CIO can say “That’s the chief security officer’s
responsibility, not mine.” And, unfortunately for chief security officers,
the situation is only going to get worse.

In my last column, I discussed the concept of trusted networks, a
major shift that is occurring in the network security arena. Trusted networking
is the trend toward increasing security features bundled into
Ethernet switches and routers, rather than within network appliances.
As the trusted networks market expands, a shift in suppliers will occur.
Network security appliance firms are being forced to change their business
models and cut deals with Ethernet switch firms, as the network
becomes the platform to deliver security services such as access control
and compliance tied to policy managers.

So how do trusted networks affect the chief security officer? Think
about IP telephony for a second. Before IP telephony, the telecom manager
was in charge of enterprise voice communications. But as the role
of the PBX has diminished, so too has the telecom manager’s influence.
The network architect and designer now have influence over enterprise
voice decisions. This shift in power over architecture, design and
purchase influence has huge implications for suppliers. In the case of
IP telephony, many of the traditional PBX vendors lost their customers.
Their salespeople no longer had the right contacts, and many were
forced to seek out and court the new influencers. They had to learn
new skills and master a new language. The same shift is occurring in the
network security arena. Those suppliers who sold mostly to the chief
security officer will find that the chief security officer’s influence is
dwindling. They’ll get their first glimpse of this when the sales cycle
takes a lot longer to close until it doesn’t close at all.

So as network security features increasingly move to Ethernet switch
and router companies such as Cisco, Enterasys Networks, Nortel,
Extreme Networks, Foundry Networks, HP and 3Com, so too will influence
flow to network architects and designers, leaving the chief security
officer with one less thing to talk about at board meetings.




Lippis  is  an  authority  on  corporate  IP  networking  and  consultant  to 
CIOs  of  Global  2000  companies.  He  can  be  reached  at  nick@lippis.com. 
His  Enterprise  IP  Communications  Symposium  will  be  held  April  19-20  in 
New  York.  For  more  information,  go  to  www.lippismedia.com. 


TELECOM CATALYST

Daniel Briere

We interrupt this broadcast . . .

Believe it or not, the “War of the Worlds” hit
Connecticut on Feb. 1. The state was
being invaded, and all residents were
told to evacuate. Think I’m kidding? OK, the
alien invasion part is not true, but on Feb. 1,
Connecticut residents were indeed told by
broadcast to flee the state immediately.

You probably won’t be surprised to hear that the alert was a mistake
made by someone tasked with performing the weekly test of the emergency
broadcast system. State emergency management officials say an
employee pressed the wrong button. Instead of hearing a test of the
emergency alert system, midday television viewers and radio listeners
were told that the state was being evacuated: “Civil authorities have
issued an immediate evacuation order for all of Connecticut, beginning
at 2:10 p.m. and ending at 3:10 p.m.” Glad they gave us an hour to get
the heck out of here. (It takes me an hour just to get to the nearest mall,
but that’s another story.)

The funnier (sadder) aspect of this incident is that, in a state of 3.5 million
people, no one really took the alert seriously. In fact, hardly anyone
heard about it until the 5 p.m. news. Because the alert went over the
radio and TV at midday, its reach was limited to those watching TV or
listening to the radio at the time. I don’t have the statistics handy, but I’ll
wager that only a small portion of the state is on air at 2:10 p.m.

So if you are in the state’s Office of Emergency Management in
Hartford and you think you just scared the heck out of the citizenry, in
this age of Skype, Gigabit switching and fiber-optic lines, how do you
correct the situation? Officials sent out a fax to every police department
in the state, informing them of the false alarm. Well, now I’m going
to check my fax machine a little more often!

The fact that this incident happened in the first place is stupid, but the
fact that we’re relying only on TV and radio broadcasts is even worse.
What we really need is an approach that is built around the way we
communicate in the 21st century.

We live in an age of cell phones, PDAs, e-mails, instant messaging and
wireless data access. Alerting should not play to the least common denominator,
but instead address the maximum number of mechanisms
that ensure that the message gets out. Call me silly, but I certainly wouldn’t
mind getting a phone call, fax, e-mail, IM, Short Message Service
(SMS) and on-screen alert if a nuclear bomb just went off and I should
get my kids inside because of the fallout.

This concept of multimodal alert systems isn’t just pie in the sky. I read
that one of the first really useful communications systems in tsunami-ravaged
areas such as Sri Lanka and Thailand was a grass-roots-developed
and -organized SMS-based system called the Alert Retrieval
Cache. This system was developed on the fly in response to the emergency
situation, but is now being further developed as an open source
project that can accept SMS alerts and distribute them widely via
e-mail, SMS or other methods.

I’m sure there’s a load of alerting services — the functionality exists;
it’s commonplace. There’s a business model in there somewhere for service
providers. Whoever solves this problem needs to make it as accessible
to government as to the masses.

In addition, we need a better means to tell others how we like to be
communicated with and under what circumstances. Leaving a voice
mail on my cell phone is useless, while IM and e-mail are the best ways
to get me. How’s the Office of Emergency Management ever going to
know that?

When radio was the only thing on the airwaves, it was easy to communicate
to the masses. But now the options are too varied. Alerting
approaches need to be varied, too. With all the taxpayer money spent
on homeland security, it’s downright insulting that human processes
and fax machines still are driving state evacuations — even false ones.




Briere is CEO of TeleChoice, a market strategy consultancy for the
telecom industry. He can be reached at telecomcatalyst@telechoice.com.


HOW DIFFICULT IS IT TO SET UP 802.1X AUTHENTICATION?

EXTREME TESTER JOEL SNYDER PROVIDES A MINUTE-BY-MINUTE ACCOUNT OF HIS 802.1X ADVENTURE.

BY JOEL SNYDER, NETWORK WORLD LAB ALLIANCE


Using the 802.1X protocol to secure wired and wireless networks is supposed to be easy. So we
grabbed some hardware and servers from our test lab to see how hard it would be in the real world.

The challenge: Could we set up 802.1X authentication in one hour or less?

Before diving into any 802.1X project, start by answering the question, “Where is my user-authentication
database stored?” You can’t design any aspect of 802.1X until you’ve figured out how you’re going to authenticate
users. If you’re going to use Secure Computing’s SafeWord or RSA Security’s SecurID or any other
one-time password system, you’ll need to find a RADIUS server that can talk to that authentication database.
In our case, we decided to use our Windows 2000 server’s built-in user database.


Start  the  Odyssey 

Once you know where your user data is stored, you can pick an authentication method. 802.1X is a framework that allows lots of ways to actually handle the authentication. If you use usernames and passwords, Protected Extensible Authentication Protocol (PEAP) and Tunneled Transport Layer Security (TTLS) are the two methods to care about. While similar, there’s one huge difference: TTLS can work with one-way encrypted passwords, while PEAP cannot. So for example, if your usernames and passwords are locked up in a Unix-style database, you have to use TTLS. With Windows, passwords are not so tightly secured, and challenge-response authentication methods can be used, which means either PEAP or TTLS would work.

Although TTLS is more flexible, PEAP has one significant benefit: It’s built into Windows XP (and is available as a Microsoft update to Win 2000). Because we wanted to get up and running as quickly as possible, we decided to use PEAP as an authentication method, with MS-CHAPv2 (Challenge Handshake Authentication Protocol) inside to carry the actual username and passwords.

With those two decisions made, life suddenly gets a lot easier. The next step is to find a RADIUS server that will talk to your 802.1X devices on one side and to your authentication database on the other. Although Microsoft includes a free one with Win 2000 server, called Internet Authentication Server (IAS), it only runs in a Windows domain environment.

Our server was stand-alone and converting it to be compatible with Microsoft’s IAS wasn’t going to happen in one hour. For that reason, we elected to use Funk Software’s Odyssey RADIUS server. Although Funk is known for industrial strength RADIUS software, Odyssey is a simpler product that does exactly what we needed and not more. Plus, with a free trial download at www.funk.com, it fit very nicely into our time requirement.

(Stopwatch:  8  minutes,  including  reboot) 

Calculate  the  RADIUS 

With wireless authentication, it’s critical that both ends of the connection authenticate themselves. It’s not a very good idea to give your username and password to just any access point that happens to be around. With PEAP and TTLS EAP authentication methods, the RADIUS server identifies itself using a digital certificate. Normally getting a digital certificate is a long process, but we had a secret: RegisterFly. This little-known registrar sells certificates at a great price ($16 per year), but most importantly, it will issue them immediately. You have to prove that you own the domain name in the certificate, but total elapsed time between hitting their Web site at www.registerfly.com and getting a certificate for our server was just under 10 minutes. If you don’t care about having a trusted root sign your certificates, you can use CAcert (www.cacert.org), which is just as fast and free — although CAcert doesn’t have their certificate built into Windows. Because we wanted to go quickly and not worry about how we were going to get the CAcert server certificate to our clients, we opted to spend the $16.

One touchy part of getting the certificate for a RADIUS server to work with 802.1X is having all of the right attributes in the certificate. We used OpenSSL to generate the certificate request and get everything right. If you have to install OpenSSL just to request the certificate, that’ll add to your time, but if you’ve got any Mac or Linux systems around, they’ll have OpenSSL pre-installed and ready to go. Another option, if you have Windows Internet Information Server Web Server running, is to use the built-in wizard in the IIS management tool. A certificate that will work for IIS also should work fine for a RADIUS server because Microsoft stuffs the necessary Extended Key Usage attributes into its certificate request. (Stopwatch: 23 minutes)
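The certificate request described above, as an added example (these are not the commands the article's author ran): it builds a CSR that asks for the Server Authentication Extended Key Usage and checks whether a CSR or an issued certificate carries it. The host name radius.example.net, the file names and the function names are assumptions, as is the choice of attributes, since the article does not list the ones it used.

```shell
#!/bin/sh
# Added example: request a RADIUS server certificate with the Server
# Authentication EKU and check the result. radius.example.net and all file
# and function names are constructed placeholders.

# write_req_config FQDN FILE: OpenSSL request config with the extensions
# assumed here for a PEAP/TTLS server certificate.
write_req_config() {
    cat > "$2" <<EOF
[ req ]
prompt             = no
default_md         = sha256
distinguished_name = dn
req_extensions     = radius_ext

[ dn ]
CN = $1

[ radius_ext ]
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$1
EOF
}

# make_radius_csr FQDN OUTDIR: new 2048-bit RSA key plus CSR in OUTDIR.
make_radius_csr() {
    fqdn=$1; out=$2
    mkdir -p "$out" || return 1
    write_req_config "$fqdn" "$out/req.cnf" || return 1
    ( umask 077   # private key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -config "$out/req.cnf" \
          -keyout "$out/radius.key" -out "$out/radius.csr" 2>/dev/null )
}

# has_server_auth FILE: succeeds if the PEM CSR or certificate in FILE lists
# "TLS Web Server Authentication" (OID 1.3.6.1.5.5.7.3.1) under its EKU.
# Returns 1 if the EKU is absent, 2 if the file cannot be parsed.
has_server_auth() {
    if grep -q 'CERTIFICATE REQUEST-----' "$1" 2>/dev/null; then
        text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 2
    else
        text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    fi
    printf '%s\n' "$text" |
        grep -A1 'X509v3 Extended Key Usage' |
        grep -q 'TLS Web Server Authentication'
}

# lab_sign OUTDIR [copy]: self-sign the CSR for lab testing only. With
# "copy" the requested extensions are written into the certificate; without
# it they are dropped, which is what a CA that ignores them would return.
lab_sign() {
    out=$1
    if [ "${2:-}" = copy ]; then
        openssl x509 -req -in "$out/radius.csr" -signkey "$out/radius.key" \
            -days 30 -extfile "$out/req.cnf" -extensions radius_ext \
            -out "$out/radius.crt" 2>/dev/null
    else
        openssl x509 -req -in "$out/radius.csr" -signkey "$out/radius.key" \
            -days 30 -out "$out/radius.crt" 2>/dev/null
    fi
}
```

The issuing CA decides which extensions end up in the certificate, so run has_server_auth on the file the CA returns as well as on the request before loading it into the RADIUS server.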

With certificate in hand, you have to configure your RADIUS server. Although it won’t all be as easy as Odyssey, the information you have to put in is fairly simple: the IP addresses of the access points, what authentication methods are allowed and what security policy to enforce. In the case of Odyssey, we turned on PEAP authentication with MS-CHAPv2, and that was about it.

(Stopwatch:  28  minutes) 

Determine  the  Proximity 

With the server side done, your next task is to get the wireless access point ready for 802.1X. It’s possible to use “pure” 802.1X authentication, which was the earliest implementation of 802.1X over wireless. With pure 802.1X, you use 802.1X to authenticate, but then plain old Wired Equivalent Privacy for encryption. However, access points that support 802.1X will also support Wi-Fi Protected Access (WPAv1). A few also will support 802.11i, the IEEE final standard for wireless security, also called WPAv2.

Because WPAv1 is commonly available and considered very secure, your best bet is to dive right into WPAv1 with 802.1X authentication.

Our next step was making our access point 802.1X-aware and building a secure channel between the access point and the RADIUS server. We pulled an access point off the shelf, a Proxim AP-4000 802.11a/b/g device that received high praise in Network World’s wireless security test in 2004 (www.nwfusion.com, DocFinder: 6533). With the AP-4000, adding 802.1X authentication requires going to two screens to fill out information. On one we put in our RADIUS server and the shared secret that authenticates the access points to the RADIUS server. If your access point does not have a fairly secure channel to the RADIUS server (for example, if they’re not on the same LAN switch), it’s important to pick a nice long shared secret of 20 characters or more.

On the second screen of the AP-4000, we enabled WPA with 802.1X authentication and rebooted the access point. Because the access point doesn’t participate actively in the 802.1X authentication, you don’t have to configure in all of the miscellaneous 802.1X parameters, such as authentication method, when you set up the access point. (Stopwatch: 33 minutes)

Turn  on  the  Inspiron 

Because XP already has WPA and 802.1X built in for wireless security, we didn’t have to install any software on the Windows laptop. However, we had to wade through the XP client configuration menus. These are attached to the wireless adapter. Our test laptop, a Dell Inspiron with a built-in wireless card, saw the AP-4000 but didn’t know how to connect. By default, Windows will want to use a digital certificate to authenticate.

That’s good security but didn’t fit into our deployment plans. Next, in Windows preferences, is using the credentials you used to log on to XP — again, not what we wanted. Setting up 802.1X authentication took clicking on a few property pages. (Stopwatch: 38 minutes)

One  for  the  Aegis 

If you use the built-in Windows client, you’ll also have to create instructions for users to add the wireless network to their list of networks. We didn’t count that in our time, but our quick cheat sheet would add up to about two pages of instructions. Fortunately, it’s a one-time effort, and if you have users already using the Windows wireless client, you’ve already done about half of the work in getting them set up. For a more elegant solution, you can use a third-party 802.1X and WPA client that lets you easily pre-load profiles.

Most wireless cards include 802.1X capability in their built-in tools, typically using the Meetinghouse Communications Aegis 802.1X client and a vendor-provided configuration GUI. Cisco is one of the few that don’t use Meetinghouse, but it does provide its own 802.1X client as part of the Cisco wireless driver kit. The problem with using a third-party client is that not everyone will have the same wireless card, and every vendor makes up its own GUI to drive the 802.1X supplicant configuration. As laptops with built-in wireless approach the 100% mark, you might find that the slightly greater complexity of the built-in Windows client balances out the necessity to maintain instructions for every brand of wireless card anyone has ever bought.

With RADIUS server, access point and client configured, it’s time for the smoke test: Will it work? In our case, the answer was a resounding “no.” We wasted 14 minutes looking for ways to increase the debugging on the built-in Windows client. Fortunately, looking at the logs on the RADIUS server solved our problem — we forgot to set up a list of Windows groups that were allowed to log on. With a few clicks, we were finally up and running with XP. Without disappointment, you cannot appreciate victory — and we were victorious with time to spare. (Stopwatch: 52 minutes)

Tweaks  of  the  trade 

Flush with success, we discovered that we had cheated a little bit. It turns out that the Microsoft 802.1X client wasn’t fully configured. As part of our debugging, we disabled certificate verification, a serious no-no in any 802.1X environment. When we turned that feature back on, the client behaved erratically. The laptop we tested had Dell’s own wireless configuration tool in it. We were able to use the Dell-provided version of the Meetinghouse Aegis client to connect with certificate validation. After finishing the last stage of our speed implementation of 802.1X, we went back and tested further with the Microsoft built-in client. Eventually, it started working but the behavior wasn’t 100% predictable and might prove frustrating for some users. You’ll have to make your own decision on the trade-off between the convenience of one client for all Windows users, whether wireless or wired, vs. the more sophisticated, but every-company-is-different user interfaces that each wireless card vendor provides. (Stopwatch: 56 minutes)

A bite of the Apple

With 4 minutes to spare, you might want to tackle Mac clients. Apple included 802.1X capability in the base operating system. The Apple client is even easier to use than Windows. Selecting our test 802.1X network out of the list of wireless networks brought up a dialog box asking for a username and password. The OS X server identified our test wireless network as “WPA Enterprise,” which is one of the marketing terms for the combination of WPA and 802.1X. The OS X system then showed us the digital certificate we had received for the RADIUS server and asked us to approve it. That’s a critical step, because if you don’t know what you’re connecting to, you’re just handing your username and password over. A few seconds later, we were merrily surfing away — a little tired, a little wired and very secure. (Stopwatch: 59 minutes)


Snyder is a senior partner at Opus One. He can be reached at joel.snyder@opus1.com.

Firewalls

SonicWall’s PRO 1260 Enhanced offers flexibility at the low end

■ BY JOEL SNYDER, NETWORK WORLD LAB ALLIANCE

SonicWall’s new PRO 1260 Enhanced gear combines the brains of its popular TZ-series firewalls with the body of a 25-port managed 10/100M bit/sec switch.


Because the PRO 1260 — released last week — runs an enhanced version of SonicOS software, each port on the firewall can be configured with its own security zone. You can set up an individual firewall for every system in the company’s Internet DMZ. This keeps the DMZ from turning into a free-for-all if any one system sitting behind the firewall is cracked because inter-system traffic can be fully controlled.

In our exclusive Clear Choice test, we found the PRO 1260 lives up to its flexibility promise. However, performance issues indicate this firewall might not be the right fit for inter-LAN traffic or Internet connections faster than 3M to 5M bit/sec.

The PRO 1260 offers the features you expect from an all-in-one firewall, including IPSec VPN, firewall-based anti-virus and content filtering, and in-line intrusion-detection and -prevention capabilities. SonicWall also has included e-mail filtering that can block certain types of attachments. Add to these optional features the traditional stateful packet filtering firewall and network address translation (NAT) capabilities, and you have a traditional small and midsize business firewall package.

Company: SonicWall, www.sonicwall.com
Cost: Price ranges from $1,795 to $2,295.
Pros: Very high port density and control in a small, inexpensive package; easy to configure; features well-suited to small-business deployments including A/V, content filtering, and management of wireless access points.
Con: Performance with all features enabled limits possible deployments.

The breakdown

Category             Weight   Score
Basic firewalling    20%      4
Performance          20%      3
Manageability        20%      4
Flexibility          20%      5
Advanced features    20%      4
TOTAL SCORE

Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Consistently subpar

Filtering performance

With typical HTTP traffic, the SonicWall PRO 1260 Enhanced offers between 6M to 30M bit/sec throughput, depending on which security features are enabled.

While other firewall vendors have commonly built small Ethernet switches into their products, SonicWall provides the capability to treat each port as a separate security zone with its own security policy, NAT rules and even bandwidth management allotments. Because there are 27 ports all told — 24 for the individualized zones, one for an up-link and two dedicated for optional WAN and DMZ usages — that’s a lot of control and flexibility.

The PRO 1260 uses a Web-based administrative GUI (although a command-line interface exists via the serial port). SonicWall has taken great pains to make the set of firewall rules viewable (and editable) in any one of three formats — a zone-by-zone grid; a list picked by zone; or just a long list of all rules.

Although we found the GUI easy to use, managing a long security policy would be tedious because of the inability to reuse rules across zones. For example, if you wanted to put the same rule in 20 different zones, you must enter it 20 times. Worse, if you wanted to change it, you must change it 20 times.

We tested the PRO 1260 by putting it in front of 16 production servers, which creates 16 zones and 16 security policies (see “How we did it,” www.nwfusion.com, DocFinder: 6522). SonicWall keeps the vendor-specific jargon during setup to a minimum, which made it easy to configure and use the PRO 1260.

We discovered immediately, though, that the PRO 1260 is not a high-performance system. Initially, we turned on everything, including anti-virus and intrusion prevention. We found that the PRO 1260 cannot keep up with a heavy load with all its features enabled (see graphic, above). In discussing these preliminary results with SonicWall, engineers explained the PRO 1260’s target is a moderate-bandwidth environment, such as a 3M bit/sec cable modem or dual-T1 network. This contrasts with published performance rates at 90M bit/sec on the company’s site (DocFinder: 6521).

[Graphic: Throughput (in M bit/sec). Series: with firewall filtering enabled; with anti-virus and firewall enabled.]

One important performance consideration for the PRO 1260 is that system limits apply to all traffic that crosses zones. Thus, if you wanted to perform high-speed backups between zones, for example, you would find the speed of the PRO 1260 limiting internal traffic.

We also tested the PRO 1260 as a pure switch by putting two ports in one zone and not applying any security policy. In this case, we had no performance limitations, and the firewall handled our nearly 100M bit/sec load without problems.

Another significant feature in the PRO 1260 is bandwidth limiting. Configured on a per-port basis, this can be used to spread traffic loads out. We found that the feature worked well as long as the offered load and the desired load weren’t too far apart in terms of speed (see graphic, DocFinder 6523).

We tested this feature by setting four ports to max out at 512K bit/sec each, which should have limited total load to 2M bit/sec. In the range between 2M and 4M bit/sec offered load, the SonicWall held actual bandwidth to 2M bit/sec. However, once we tried to push more than 4M bit/sec of traffic through the box, the bandwidth-limiting feature didn’t function correctly, letting much more than 2M bit/sec through the firewall.

SonicWall’s PRO 1260 is a huge step forward in high-port-density firewalls. For about $100 per port, SonicWall can add excellent security management to large numbers of devices. For networks with moderate-speed Internet connections and inter-zone traffic, the PRO 1260 is an inexpensive way to add fine security granularity in a variety of environments.

Snyder is a senior partner at Opus One in Tucson, Ariz., specializing in information security and messaging applications. He can be reached at joel.snyder@opus1.com.


SonicWall  unplugged 

We also tested the PRO 1260 Enhanced with SonicWall's recently released SonicPoint wireless access point. We found this combination to be a particularly elegant way to manage many wireless access points. We created a profile in the PRO 1260 GUI and then plugged in two SonicPoints. The PRO 1260 Enhanced detected them, upgraded them to the current version of firmware and configured them according to our profile.

—  Joel  Snyder 


[Graphic series labels: with IPS and firewall enabled; with IPS, firewall and anti-virus enabled.]


■ CAREER DEVELOPMENT

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 


Keep  your  hands  on  the  wheel 

Seeking to minimize dangerous driving, some firms ban employees from talking on a wireless handset.

■ BY DENISE PAPPALARDO

Wireless cell phone usage policies are increasingly being put in place, not only to reduce possible employee cell phone abuse but also to reduce corporate liability in the event the worst-case scenario happens.

On March 8, 2000, 15-year-old Naeun Yoon was walking along a highway in Northern Virginia when she was struck and killed by a car driven by Jane Wagner, an attorney at high-tech law firm Cooley Godward. Wagner was on her cell phone with a client at the time.

Wagner, who says she thought she hit a deer, turned herself in when she saw the news the next morning and realized what she did. She lost her license to practice law, served a one-year jail term in a work-release program and declared personal bankruptcy soon after her conviction.

In addition to suing Wagner, Yoon’s family sued Cooley Godward in a civil case, claiming the firm encouraged its employees to work long hours and didn’t promote safe use of cell phones within its organization.

In 2004, the law firm settled with the Yoon family. The company’s insurance policy paid about $92,500 to the family, and the firm settled for an undisclosed amount. The family also was awarded another $2 million from Wagner.

This is clearly a tragic case — with the Yoon family suffering the biggest loss of all — but there are measures employers can take to reduce the chance that such accidents will happen again. Although lawyers agree that wireless policies restricting employees’ cell phone usage when operating a motor vehicle may not eliminate a company’s liability, they could at least eliminate an accusation of negligence.

Corporate culpability

“Anyone talking on a cell phone [while driving] is liable for damages in any accident,” says Edward Poll, a longtime attorney who now runs LawBiz, a management consulting firm for law firms.

Today, New Jersey, New York and the District of Columbia have laws on the books that mandate drivers to use a hands-free headset when using their cell phone while behind the wheel. Several other states have similar laws that only cover certain cities and towns (see graphic).

“An employer with 10 to 1,000 employees with company-issued phones is responsible if one of those employees carelessly uses their phone while driving and causes an accident,” Poll says. Instituting corporate-wide wireless use policies helps show that the company cares about safety, but he points out that companies must enforce their policies.

Admittedly, this is a challenge. One auto parts manufacturer that asked not to be identified has a corporatewide wireless use policy that restricts cell phone use while driving. Although employees are required to pull over to the side of the road to conduct business on their wireless phones, a spokesman says the policy is difficult to enforce.

However, Imagistics International, a document imaging company in Trumbull, Conn., actively follows up on its policy that prohibits employees from using company-issued cell phones while driving. About 1,000 Imagistics service and dispatch employees use company-issued Treo 600 phones from Sprint.

The policy includes language that clarifies acceptable personal use, and also says that users are not allowed to operate their motor vehicle while talking on their cell phones, hands-free headset or not. Each employee must sign the document.

“We call it making sure our employees are safely using their phones. Users must pull off to the side of the road to use their phone,” says John Chillock, vice president of customer service operations. “We do not want our employees to hurt anyone or themselves.”

Imagistics has a standard practice within its organization to do ride-alongs with its service employees for coaching and to see how they operate. “It’s a chance to give employees positive feedback and the only way to make any policy work,” Chillock says.

While Chillock says Imagistics trusts its employees, it’s important to see that they aren’t taking that occasional call while between stops. He also points out that setting an example at higher levels is important. That is, if your company’s executives follow the policy, other employees are more likely to follow suit.

While the auto parts manufacturer and Imagistics didn’t specifically say they were worried about being sued in case of an accident caused by an employee on his cell phone, clearly it’s something both firms want to avoid.

Hawaii Home Loans in Honolulu is a cutting-edge company that exclusively uses wireless phones throughout its organization. But so far, the mortgage company only verbally recommends usage policies, says Leonard Loventhal, a senior vice president at the company.

“Every quarter at the company’s sales meetings, I tell employees to not only keep courteous wireless cell phone usage at top of mind but also to be highly safe and use an ear piece while driving,” Loventhal says.

It looks like the state of Hawaii will make it easier for Hawaii Home Loans to enforce its verbal policy: The state legislature is close to passing a law that will require motorists to use hands-free headsets while driving. “That will take care of the issue for us,” he says.

The auto parts manufacturer, Imagistics and Hawaii Home Loans are in various stages of developing and instituting wireless use policies, but most companies don’t even have policies. It’s something that any company that issues phones to employees should have not only to try to reduce corporate liability in case of an accident but also to prevent it from ever happening. ■


Look  at  the  laws 

Two  states  and  the  District  of  Columbia  have 
bans  on  using  hand-held  wireless  devices  while 
driving.  Many  cities  and  towns  have  similar 
restrictions. 

State / Law

Arizona, Arkansas, Connecticut, Illinois, Massachusetts, New Jersey, Rhode Island, Tennessee

• School bus drivers may not use cell phones while operating a school bus, except for emergencies.

District  of  Columbia 

•  Drivers  must  use  hands-free  devices,  except  for 
emergencies.  On-duty  emergency  police 
personnel  are  exempt  from  the  law. 

•  Drivers  under  18  are  not  permitted  to  use  cell 
phones  while  driving. 

Florida,  Kentucky,  Louisiana,  Mississippi, 
Nevada,  Oklahoma,  Oregon 

•  Local  jurisdictions  can’t  enact  restrictions  on  use 
in  motor  vehicles. 

Maine 

•  Persons  with  permits  or  under  18  with  restricted 
licenses  may  not  use  cell  phones  while  driving. 

Massachusetts 

•  Drivers  can  use  cell  phones  as  long  as  it  does 
not  interfere  with  driving  and  one  hand  remains 
on  the  steering  wheel  at  all  times. 

•  Drivers  must  use  hands-free  devices  in  Brookline. 

New  Jersey 

•  Drivers  must  use  hands-free  devices. 

New  Mexico 

•  Drivers  must  use  hands-free  devices  in  Santa  Fe. 

• Police officers are prohibited from using hand-held
cell phones while driving in cruisers.

New York

• Drivers must use hands-free devices.

• Taxicab drivers can't use cell phones while driving
in New York City.

Ohio

• Drivers must use hands-free devices in Brooklyn.

Pennsylvania

• Drivers must use hands-free devices in
Conshohocken, Lebanon, Hilltown Township, York
and West Conshohocken.


To your health

A sampling of provisions within the HIPAA Security Rule,
which goes into effect April 20.


Administrative

• Risk and analysis mitigation.

• Employee termination procedures.

• Security awareness and training.

• Password and logon management.

• Data backup and disaster-recovery plan.

Physical

• Facility access controls.

• Workstation use and security.

• Disposal of workstation data.

Technical

• Unique user identification, automatic logoff.

• Encryption and decryption.

• Secure access and deletion of
electronically protected health information.

HIPAA 

continued  from  page  1 

management  firm  Phoenix 
Health  Systems,  one-quarter  of 
318  organizations  surveyed  don’t 
expect  to  meet  the  deadline  for 
compliance  with  the  HIPAA 
Security  Rule. 

The Security Rule specifications, which have been available
for about two years, call for administrative, technical and
physical safeguards designed to protect patient data.

The possible civil penalty for being in noncompliance is $100
per violation, not to exceed $25,000 per year for identical
violations. Criminal penalties range from $50,000 to $250,000
and one to 10 years in prison.

Administrative safeguards account for more than half of the
provisions. They involve a risk analysis, assigning
responsibility to an information security officer, training
employees and documenting security procedures such as data
backup and disaster recovery. Physical safeguards include
means for workstation disposal, media reuse and securing
areas where electronic protected health information (EPHI)
may be stored. The technical safeguards, which many in IT
focus on, spell out system authentication, encryption and
decryption of data, and transmission of EPHI within and
outside an organization.

Of the organizations that responded to Phoenix Health’s
survey, the top reason cited for failing to comply is
“achieving successful integration of new systems, policies
and procedures across the enterprise.”

Integrating these systems and putting in new systems where
needed to mitigate risk is a big undertaking, says Larry
Rapisarda, CTO for Harvard-Pilgrim Healthcare in Wellesley,
Mass., which put security measures in place well before
HIPAA was passed in 1996.

Rapisarda’s team addressed the administrative safeguards
first.

“We set up a compliance team that included information
security officers, legal, project managers,” he says. “From
a security perspective, we have put a lot of attention to
risk analysis and identifying risk. Another big component
was roles-based security.”

Rapisarda says that while the organization will be compliant
on April 20, it still is looking for software that will bulk
up its technical safeguards.

“We are looking for software that will support provisioning
and trigger all the processes that make systems access
possible,” Rapisarda says. “More importantly, when someone
leaves the organization we can remove that access.”

The legacy sales and claims applications the organization
uses will be more difficult to integrate than the
applications running on Windows or Oracle 9i Real
Application Cluster, he says.

The organization has implemented password authentication to
access electronic systems, implemented an intrusion-detection
system and put in a facility access card system. Rapisarda
also would like to make the organization’s internal portal
available to employees so they can work from home, but he
has security concerns.

“It is risky because you don’t have control of the computers
they are using,” he says. “It’s a balance between usability
and security.”

Survey respondents cited the ambiguity of the HIPAA Security
Rule as the second-most common reason for not being able to
comply. They say that the Centers for Medicare and Medicaid
Services, which administers HIPAA, hasn’t offered
interpretations of the rule or sample forms and procedures,
as it did with the HIPAA Privacy Rule, which companies were
required to comply with as of two years ago.

“The reality of it is the HIPAA Security Rule doesn’t tell
you how to do things — if you look at the rule, it’s pretty
darn gray,” says Natalie Cunningham, director of the HIPAA
program office for Harvard-Pilgrim. “The rule doesn’t say
you need X or Y, so that leaves good organizations in a
place that they can make good decisions based on their
business processes.”

Phoenix Health’s D’Arcy Guerin Gue, executive vice president
for business services, explains that this ambiguity can lead
to problems for which an organization could be penalized.

“For example, organizations which thought they complied have
disposed of workstations without erasing the data on them or
thrown paper-based patient data in the trash without
shredding it first,” Guerin Gue says.

Gary Swindon, information security officer for Orlando
Regional Health System, says he can relate to such examples.

“It was a simple case of someone photocopying records they
shouldn’t have,” he says. “It was less about a computer
systems breach than a breach of physical safeguards.”

Swindon, who says Orlando Regional will be compliant by the
deadline, emphasizes that physical safeguards can’t be
overlooked.

“Physical security such as putting locks on doors that have
computers that process information is essential,” he says.
“Although the rule was designed to protect EPHI, paper-based
records are still protected by the legislation.”

Harvard-Pilgrim’s Rapisarda says that despite the ambiguity
of the new requirements and the problems of integrating
systems, applications and services, the HIPAA Security Rule
only serves to reinforce best practices.

“HIPAA says you should be making security and privacy second
nature in your organization,” Rapisarda says. “Everyone has
to think of privacy and security in every decision they
make, whether it’s the position of your desk or whether you
should be using a screen saver. HIPAA is giving us an
umbrella to audit ourselves in terms of compliance.”

Robert Brown, director of information security, privacy and
HIPAA compliance for Borgess Health Alliance in Kalamazoo,
Mich., agrees.

“The HIPAA Security Rule is based on a number of existing
standards that have been promulgated already — for example
the ISO 17799 standard,” he says. “A lot of what’s in the
HIPAA Security standard comes out of there — what the
Department of Health and Human Services did in preparing the
HIPAA Security Rule was do a survey of what already
existed.”

Brown  says  if  organizations  are 
aware  of  current  standards  and 
meet  them,  they  should  be  pretty 
far  toward  compliance. 

“People that are good about being compliant with the [Joint
Commission on Accreditation of Healthcare Organizations]
standards and ISO 17799 should be ahead of the curve,” he
says. ■


MCI  to  offer  service  that 
blocks  DoS  and  worm  attacks 


■  BY  DENISE  PAPPALARDO 

MCI  is  expected  to  launch  a  new  security  service 
this  month  that  the  company  says  will  proactively 
thwart  denial-of-service  and  worm  attacks. 

The  service,  called  WAN  Defense,  detects  and  stops 
threatening  traffic  from  hitting  customer  networks. 

MCI is using Arbor Networks’ PeakFlow SP network
behavior anomaly-detection products to determine if
there is an attack on a network. The carrier also is
using Cisco’s Mitigation device to “scrub packets,
essentially taking all of the bad packets out of the
flow,” says Robert Rigby, director of security services
for MCI.

“What’s unique about this service is it offers
customer-specific monitoring at the user port level . . .
providing near instant detection of an attack,” says
Mark Sitko, vice president of security services product
management at MCI.

Based on traffic trends across its IP backbone and
directed toward customer networks, MCI will be able
to determine if there are unusual traffic trends using
the Arbor product, the company says. Depending on
the activity, MCI could throttle back the traffic so it
wouldn’t overload ports, or it could stop it all together
if the traffic was deemed dangerous.

“The big driver behind the need for these types of
services is the migration of the majority of threats
from hackers to a criminal level,” says Jim Slaby, a
senior analyst at The Yankee Group. “If you think
about organizations such as the New York Stock Exchange,
there is the potential to send ripples through
the world economies if its network was successfully
attacked and brought down.”

“In 2004, the majority of the attacks on the Web
went from being teenage hackers trying to impress
their friends to criminals trying to profit from an
attack,” he says.

MCI shared some details about its new service but
would not discuss pricing or general availability. The
carrier says it will provide additional information at
the end of the month when it officially launches the
offering.

MCI  is  not  the  first  to  develop  such  a  service.  Sprint 
has  an  offering  on  the  market,  and  AT&T  is  readying 
one  as  well. 

In October, Sprint launched its IP Defender service.
The offering uses the same tools being deployed by
MCI to proactively thwart distributed DoS attacks.

Carriers such as AT&T are using their global network
view to monitor events from all over the globe
to support proactive services, says John O’Keefe,
senior analyst of Internet services at Current
Analysis. In November, AT&T announced its proactive
anti-DoS and worm service. The offering is part
of AT&T’s managed Network Based Firewall service.
The technology, which is based on the carrier’s
Internet Protect DDoS Defense offering, is being
deployed throughout AT&T’s global IP network. It
aids in identifying worms, viruses and DoS attacks
while diminishing or eliminating the destructive
effects these attacks can have on customer networks.

The offering was slated for availability in the first
quarter, but the carrier has yet to deliver. The company
now says the service can be expected in June. ■
Implant

technology that’s been used for
years to tag dogs so they can be
identified if lost, except the
human chip works on a different
radio frequency.

Since  Applied  Digital,  on  behalf 
of  its  subsidiary  VeriChip,  got 
authorization  from  the  U.S.  Food 
and  Drug  Administration  (FDA) 
last  October  to  sell  the  chips  for 
human  implantation,  about  1,000 
chips  have  gone  live. 

“I have a blown pupil, a detached retina, in my left eye
from a skiing accident,” says Krull, explaining his decision
to have a physician with a syringe stick a chip in him under
local anesthetic in what he described as a fairly simple
procedure. “I’m supposed to wear a MedAlert bracelet because
one of the indicators of a head injury is a blown pupil. One
thing they might do in that kind of emergency is drill holes
in your skull.”

The thought of having holes unnecessarily drilled into his
head, because of a misdiagnosis during a medical emergency,
got Krull thinking about having a chip implanted after he
heard about it during a conference in Spain. “I wanted to
get chipped,” he says.

His family — wife, sisters, nephews and nieces — was
wary.

“They said, ‘Are you nuts?’ They had a lot of questions,
like will the chip be visible or is there a risk of
rejection,” Krull says.

Now officially human No. 1020000000, Krull can access his
personal data stored online at VeriChip’s portal and make
any changes he wants by using a reader and a PIN code. Krull
elected to store his medical information and address, phone
numbers, fax and e-mail at the Web site.

While his family has grown relaxed about it all, “the
biggest opposition is from people in my own field —
security,” Krull points out. Critics say the chip poses a
huge privacy and security threat that will let the
government and private-sector snoops get personal
information.

Krull says he understands the point of view taken by some
privacy advocates but contends there’s little value in
keeping information such as the condition of his eyeball a
secret.

“It’s entirely up to me what I put on my chip,” he says.
“I’ve been involved with authentication for 20 years,
working with biometrics, and I was promoting the token. Now
I am the token.”

Fellow implantees include the attorney general of Mexico
City and some of his staff, who were chipped to help
identify them in the event that they become crime victims.
Some are getting implants just for kicks — a nightclub in
Glasgow, Scotland, called Bar Soba, offers to implant chips
in its guests so the bar can prepare each patron’s favorite
drink the minute he walks in.

The  doctor  is  in 

Also getting a chip shot was John Halamka, the CIO at Beth
Israel Deaconess Medical Center in Boston and Harvard
Medical School and a practicing physician. Halamka got
chipped last December in an experiment of his own making.

The outspoken CIO says he’s had “no side effects, no pain,
no change in muscle function and no migration of the chip”
in the months it’s been in him, despite rock and ice
climbing where Halamka exposed himself to “extremes of
temperature, wind, water.”

Halamka decided to be a chip guinea pig as the result of
experiences he had while working in emergency medicine at
Harbor-UCLA Medical Center in Carson, Calif. Emergency care
often put him in the situation of having to identify
patients who were without ID documents and unconscious,
non-verbal or mentally ill. That often involved picking out
clues found in their belongings such as a clothing label.

“I would inevitably reunite the patients with their loved
ones, but not before significant worry and possibly unwanted
medical interventions had occurred,” Halamka says.

In his CIO role Halamka is responsible for all clinical,
financial, educational and research technologies for 3,000
doctors, 12,000 employees and 2 million patients. After the
FDA approved the implantable chip, “I felt I was in a unique
position to pilot the technology,” Halamka says. “That means
that when a scanner is passed within 6 inches of my arm, my
medical identifier is displayed and can be used by
authorized healthcare workers to retrieve information about
my identity and medical history via a secure Web site.”

Halamka emphasizes his role at present is not that of chip
advocate for hospitals but as a real-life test case. Though
he says that Alzheimer’s patients might benefit from RFID
chips one day, as long as it’s clear the patients gave
informed consent to have a chip implanted.

The chip is expected to last at least 10 years based on pet
experience. Halamka says it’s safe for MRI scans, and he
sees no evidence the chip can be deactivated through
magnetic energy. “I have flown to several dozen cities since
the implant and have not triggered any airline security
systems,” he notes. The chip is not a GPS.

The unique ID transmitted by the VeriChip human-implantable
chip isn’t encrypted, so it could be read by a compatible
reader. But unauthorized reading of the chip doesn’t
disclose any specific health information, he adds, because
that’s on a closed Web site.

However, Halamka says there are privacy concerns that should
be addressed. He points out that an RFID scanner
theoretically could record his presence while he was making
a purchase, and on a repeat visit it would be possible to
identify him and his previous purchases using that
information for marketing purposes.

“Spam, generated by the presence of your body, is
theoretically possible,” he says. He says there’s no
legislation to preclude RFID scanning of an individual for
anonymous tracking, which could be “analogous to the spyware
and adware infecting our computers after surfing Internet
sites.” The potential for hacker abuse shouldn’t be
underestimated, he adds.

The security issue “must be understood as one of the risks
of having an implanted identifier,” Halamka says.

Nonetheless, he has listed his identifier as part of his
medical record in the Beth Israel Deaconess medical record
system, called CareWeb, so that a physician, with his
consent, could enter the RFID tag information to retrieve
his medical history.

“I have no regrets,” Halamka says about the whole implant
experience, even though removing the chip would require
minor surgery. And he would consider upgrading himself with
a new chip, too, should a better one come along. ■


New  HP  head  not  in  a  rush 


“[My family] said, ‘Are you nuts?’
They had a lot of questions . . .”

Joseph Krull

Security consultant with an RFID chip implant


■  BY  STACY  COWLEY 

In his first encounter with Wall Street analysts as HP’s new
leader, incoming CEO Mark Hurd refused to map out his plans
for the company’s direction. Hurd said he would spend the
next few months learning about HP before he crafted a
strategy for running it.

Analysts on the conference call last week asked Hurd if he
would consider breaking up HP by spinning off its lucrative
printing group or struggling PC division. Hurd said he
needed more time to study HP, but he suggested he would
prefer to appease shareholders looking for investment gains
by improving HP’s overall performance rather than by selling
off pieces of the firm. HP Chairman Patricia Dunn repeated
the board’s previous statements that HP’s CEO switch is
about changing the company’s operational performance, not
its strategy.

Hurd comes to HP with a reputation as a cost-cutter devoted
to bottom-line efficiencies. He brushed aside a question
about whether he would consider workforce reductions, saying
he needed more time to determine that, but he said
operational excellence would be his priority.

HP has already shed several executives who didn’t live up to
expectations: Then-CEO Carly Fiorina fired three major sales
executives last year after HP suffered through a poor
quarter. HP has also cut more than 17,000 jobs since it
acquired Compaq in 2002.

Several of HP’s top managers were likely candidates for the
CEO job, including storage, servers and services group head
Ann Livermore and printing and imaging business head Vyomesh
Joshi. Hurd deflected a question about how he would retain
such executives, and about his plans for HP’s senior
leadership. “I believe very much in organic promotion,” he
said.

Cowley  is  a  correspondent  with  the  IDG  News 
Service. 


New CEO Mark Hurd comes to HP with a
reputation as a cost-cutter.
Grokster: If the suit doesn’t fit


Complex problems rarely have simple causes. Moreover, trying
to solve a complex problem as if it were simple usually
creates even more problems.

But such is the case with the entertainment industry and the
highly complex file-sharing problem. Hollywood would like a
simple solution, and as they can’t get much support from the
consumers doing the piracy, they are going after what they
think is the next best thing: the systems used for sharing
files.

In  the  latest  round  of  legal  wrangling  over  the  fate 
of  file-sharing  systems,  the  case  of  MGM  vs.  Grokster 
currently  being  heard  in  the  Supreme  Court,  the 
plaintiffs  would  like  the  court  to  believe  they  have 
identified  a  simple  cause  of  their  problems: 
Grokster. 

The  arguments  last  week  were  interesting  as  they 
demonstrated  just  how  complex  the  issues  really 
are.  For  example,  central  to  the  debate  was  Apple’s 
iPod  because  that  device  and  similar  machines 
from  other  manufacturers  can  be  used  to  (gasp!) 
transport  illegally  acquired  music  files. 

To this end Donald Verrilli, the lawyer for the
plaintiff, argued disingenuously that most iPod buyers
are honest consumers, the type that pay for
their digital music.

Apparently, Justice David Souter disagreed, saying
that “even iPod users will steal music if they believe
they can.” Souter went on to ask why the entertainment
industry would sue Grokster but wouldn’t
also want to sue Apple using the same legal flimflam
(he actually used the term “theory”). Let’s see,
could Apple’s high profile with iTunes give
Hollywood a reason to leave that particular can of
worms undisturbed?

Justice Antonin Scalia said that, should the entertainment
companies prevail, a consequence
would be a dampening effect on technology
because if “I’m a new inventor, I’m going to get
sued right away.”

Scalia then referred to the defendant, named on
the docket and in the considerable number of
friend-of-the-court briefs as “Grokster, whatever this
outfit is called.” While Scalia apparently appreciates
key issues in the case, I rather think that if you
are unsure of the name of the defendant, we’re
going to find it hard to believe you are exercising
sound, informed judgment.

A  crucial  issue  is  whether  Grokster  intended  to 
enable  piracy.  Unless  they  can  find  concrete  proof 
of  that  goal,  any  suppositions  about  Grokster’s 
aims  are  not  relevant.  So  far,  that  proof  is  absent, 
but  this  is  law,  not  logic. 




Be that as it may, should Grokster be found guilty
then Apple, and all the other makers of portable
music devices, could and maybe should also be
held liable. Then could come the CD and DVD
drive manufacturers; the VCR manufacturers; Tivo
and the other personal video recorder vendors;
ISPs; as well as Microsoft, Sony, IBM, HP and any
other company that makes products that could be
seen as providing the means for piracy.

While a win for MGM wouldn’t most likely result
in such a sweeping attack on so many companies,
it would give Hollywood a platform to go after the
low-hanging fruit, the small guys who can be
made “examples.” And the worrying part is that this
same platform could be used to push for legally
enforced universal embedded digital rights management
in all media products; a truly awful and
ultimately ineffective solution.

The issues that the court must wrestle with in
this case are more complex than any of the simplistic
arguments currently being put forward, and
we can only hope that the Supreme Court recognizes
that to be the case. To paraphrase the late
Johnnie Cochran, if the suit doesn’t fit, you must
acquit.

A verdict is expected in June. Your verdict hopefully
sooner than that to nwcolumn@gibbs.com.
By Paul McNamara


RSS  spreading  its  wings 

RSS isn’t only for blogs and online
news sites anymore: Corporations are
beginning to see potential in this increasingly popular communication channel for
keeping in touch not only with customers and partners but also with employees.

Such is the obviously self-serving assessment of Michael Terner, CEO at
KnowNow, a Kleiner-Perkins-backed software integration specialist that has
hopped aboard the RSS bandwagon with unbridled enthusiasm.

“RSS in the U.S. today is a mechanism for blogs and media, primarily for
news,” Terner says. “What we have begun to see is the adoption of RSS on a
broader basis by enterprises for moving any sort of information more easily.”

KnowNow’s trophy customer is ING Group, a European business services
company whose chairman is apparently fond of communicating directly with all
115,000 far-flung employees on a regular basis. “They’ve embedded our [RSS]
reader into their IBM WebSphere portal,” Terner says, and are looking to
expand the use of RSS into a number of areas.

Customer care and feeding is a fertile field, according to Terner. Companies
that offer e-mail updates to customers who are willing to register for them
typically can expect participation rates of only 10% to 15%, he says. “Users
don’t always register, because they’re afraid of getting too much e-mail or
inappropriate stuff,” he says. “And, in fact, that is the case most of the time.
The publisher owns the subscription, and if it gets sold you might get a bunch
of spam along with it.”

Giving customers another option — RSS and its inherent anonymity and user
control — might bring another 20% of the target audience into the communication
channel, he says.

But how can the consumer masses, who only recently gained comfort with simple
e-mail, possibly be counted on to embrace something as exotic as RSS?


“That’s a really fair question and I agree with you that there is a problem,”
Terner says. “RSS today isn’t simple for consumers. It’s pretty straightforward
for the early adopters, but something even simpler is needed. That is part of
what our offer is. We’ve put together a product that is used by enterprises and
allows them to deliver a preconfigured, preloaded RSS reader to the customer.
The customer doesn’t even really need to know that they’re getting RSS
feeds.”

The  issues  are  different  within  a  corporate  environment  where  employers 
may  need  or  want  to  control  the  number  and  types  of  RSS  feeds  that  are  being 
accessed  in  the  workplace. 

KnowNow’s LiveServer “works significantly different from a regular RSS
reader where the user controls everything,” Terner says. “In an enterprise we
need to get somewhere between the e-mail model where the subscription is
controlled by the publisher and the RSS model where it is controlled by the
user. We bridge that gap because we’ve got a server.”

Among  the  stakes  of  allowing  an  RSS  free-for-all  is  a  possible  repeat  of  the 
bandwidth  issues  seen  during  the  heyday  of  push  technology,  he  says. 

“If  everyone  goes  and  gets  a  standard  RSS  reader  then  you  could  have  the 
situation  where  you  have  10,000  employees  subscribing  to  a  variety  of  internal 
feeds  and  some  external  ones  like  the  weather,"  he  says.  “You  could  literally 
have  10,000  readers  checking  at  the  top  of  every  hour  to  see  if  the  weather  has 
changed. That  will  bombard  your  internal  infrastructure." 

Terner also sees a tangential benefit for networks from RSS-based communications:
better spam control.

“If you have general-purpose information flows being sorted out and managed
using an RSS mechanism, you can crank up the spam filters on e-mail
until it’s getting closer to a white list,” he says.

E-mail  remains  the  communication  channel  of  choice  here.  The  address  is 
buzz@nww.com. 


DB2 WON’T ABANDON YOU.

Perhaps you’ve heard: Oracle desupported Oracle
Database 8i last year. Meaning potential headaches,
higher cost or a complete migration to current versions
of Oracle. Fortunately, IBM offers ongoing, around-the-clock
service and support for DB2.

But that’s not all. A Solitaire study has found that, on
average, Oracle Database requires 25% more time to
manage than DB2.¹ That’s big.

And an ITG study showed overall costs for Oracle Database
up to four times higher than DB2.² The Transaction Processing
Performance Council results show that DB2 and
eServer p5-595 are more than twice as scalable as Oracle
Real Application Clusters, making them the overwhelming
performance and scalability leader for TPC-C.³ That’s big, too.


No wonder DB2 is regarded as the leading database built
on and optimized for Linux®, UNIX® and Windows®. Like
other IBM database engine products such as Informix®
and Cloudscape, DB2 is part of an innovative family of
information management middleware that integrates, and
can actually add insight to your data.

It’s  also  built  to  take  full  advantage  of  your  existing 
heterogeneous  and  open  environments,  and  is  built  to 
enable  true  grid  computing. 

Why not move up to middleware that makes sense? Now
you can get IBM DB2 Universal Database or Informix
by taking advantage of our extremely compelling trade-up
program. Visit ibm.com/db2/swap today to find out if
you qualify.




IBM, the IBM logo, DB2, eServer, Informix, Cloudscape and the On Demand logo are trademarks or registered trademarks of International Business Machines Corporation in the United
States and other countries. Linux is a registered trademark of Linus Torvalds. Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and/or other
countries. UNIX is a registered trademark of The Open Group in the United States and/or other countries. Other company, product and service names may be trademarks or service marks
of others. ©2005 IBM Corporation. All rights reserved.

¹ “DB2 Performance on IBM Server pSeries and xSeries,” Solitaire Interglobal Ltd., 2003; based on Oracle Database 9i.
² “IBM Solutions for PeopleSoft Deployment in Mid-sized Businesses Quantifying the New Cost/Benefit Equation,” July 2003, International Technology Group, Los Altos, California.
³ All referenced results are current as of 12/14/04. DB2 UDB v8.2 on IBM eServer p5 595 (64-way POWER5 1.9 GHz) and AIX 5.3L: 3,210,540 tpmC @ $5.19/tpmC available: May 15, 2005, vs. Oracle
RAC 10g on HP Integrity rx5670 Cluster 64P (16 x 4-way Intel Itanium2 6M 1.5GHz): 1,184,893 tpmC @ $5.52/tpmC available: April 30, 2004; TPC Benchmark, TPC-C, tpmC are
trademarks of the Transaction Processing Performance Council. For further TPC-related information, please see http://www.tpc.org/
Spam and virus protection at an affordable price.


No  per  user  license  fees 
Prices starting at $1399
Powerful,  enterprise-class  solution 


Barracuda  Spam  Firewall 


© Copyright 2004, Barracuda Networks, Inc. All rights reserved. Reclaim Your Email, and Barracuda Spam Firewall are either
trademarks or registered trademarks of Barracuda Networks, Inc. and/or its subsidiaries in the United States and/or other countries.


Order  a  free  evaluation  unit  at 
www.barracudanetworks.com 


Aggressive  Reseller  Program 

POWERFUL  EASY  TO  USE  AFFORDABLE  Get  more  info  by  visiting  www.barracudanetworks.com/ifor 

or by calling 1-888-ANTI-SPAM or 408-342-5400


